Malware Analysis Report

2024-12-07 10:02

Sample ID 241114-dzzs1stgqm
Target Qualcomm-HS-USB-QDLoader-9008-Driver.zip
SHA256 13f4930d50147bf979600dce87868815732f6bfebc182c6fd82270f55e6ab04e
Tags
discovery evasion ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

13f4930d50147bf979600dce87868815732f6bfebc182c6fd82270f55e6ab04e

Threat Level: Likely malicious

The file Qualcomm-HS-USB-QDLoader-9008-Driver.zip was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion ransomware

Modifies boot configuration data using bcdedit

Drops file in Drivers directory

Manipulates Digital Signatures

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Uses Volume Shadow Copy service COM API

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 03:27

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-14 03:27

Reported

2024-11-14 03:28

Platform

win7-20241010-en

Max time kernel

65s

Max time network

68s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_32bit_Setup.exe"

Signatures

Modifies boot configuration data using bcdedit

ransomware evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\bcdedit.exe N/A

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\drivers\qcusbser.sys C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\system32\drivers\qcusbnet.sys C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\B1A014EAB85E99467A8164D1F8A4095900365668\Blob C:\Windows\syswow64\MsiExec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\B1A014EAB85E99467A8164D1F8A4095900365668\Blob C:\Windows\system32\DrvInst.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\DriverStore\infpub.dat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{382e5348-f36c-3a75-930c-c54baf00dd43}\SET670D.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infpub.dat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infstor.dat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qcnet.inf_amd64_neutral_451e8530f7ccee5d\qcnet.PNF C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{6a8da586-3762-0794-ca86-7e53e52fe225} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\QualcommCoInstaller.dll C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_neutral_6c599d5aa838e5ed\qcmdm.PNF C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{6a8da586-3762-0794-ca86-7e53e52fe225}\SET6D44.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{6a8da586-3762-0794-ca86-7e53e52fe225}\SET6D44.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{6a8da586-3762-0794-ca86-7e53e52fe225}\qcusbnet.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infstrng.dat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\INFCACHE.0 C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{382e5348-f36c-3a75-930c-c54baf00dd43}\SET670E.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{382e5348-f36c-3a75-930c-c54baf00dd43}\qcmdm.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_neutral_6c599d5aa838e5ed\qcmdm.PNF C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{382e5348-f36c-3a75-930c-c54baf00dd43} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{5c04974d-4c43-5858-7e40-047cce9b6d4a}\SET5E66.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qcser.inf_amd64_neutral_a38de8285c46bafa\qcser.PNF C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{6a8da586-3762-0794-ca86-7e53e52fe225}\SET6D64.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{6a8da586-3762-0794-ca86-7e53e52fe225}\qcnet.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{5c04974d-4c43-5858-7e40-047cce9b6d4a}\SET5E56.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5c04974d-4c43-5858-7e40-047cce9b6d4a}\qcusbser.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{5c04974d-4c43-5858-7e40-047cce9b6d4a}\SET5E96.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\INFCACHE.0 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{6a8da586-3762-0794-ca86-7e53e52fe225}\qcusbnet.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{6a8da586-3762-0794-ca86-7e53e52fe225}\SET6DC3.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infpub.dat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infstor.dat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5c04974d-4c43-5858-7e40-047cce9b6d4a}\SET5E66.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5c04974d-4c43-5858-7e40-047cce9b6d4a}\qcser.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infstrng.dat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infstor.dat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{382e5348-f36c-3a75-930c-c54baf00dd43}\SET670D.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{382e5348-f36c-3a75-930c-c54baf00dd43}\SET671E.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{382e5348-f36c-3a75-930c-c54baf00dd43}\SET671E.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{6a8da586-3762-0794-ca86-7e53e52fe225}\SET6D64.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5c04974d-4c43-5858-7e40-047cce9b6d4a}\SET5E56.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5c04974d-4c43-5858-7e40-047cce9b6d4a}\qcusbser.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5c04974d-4c43-5858-7e40-047cce9b6d4a}\SET5E96.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcser.inf_amd64_neutral_a38de8285c46bafa\qcser.PNF C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5c04974d-4c43-5858-7e40-047cce9b6d4a} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{382e5348-f36c-3a75-930c-c54baf00dd43}\qcusbser.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{382e5348-f36c-3a75-930c-c54baf00dd43}\SET670E.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{382e5348-f36c-3a75-930c-c54baf00dd43}\qcusbser.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{6a8da586-3762-0794-ca86-7e53e52fe225}\SET6DC3.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcnet.inf_amd64_neutral_451e8530f7ccee5d\qcnet.PNF C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infstrng.dat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\INFCACHE.0 C:\Windows\system32\DrvInst.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcusbser.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcmdm.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcmdm.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcusbnet.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\logReader.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcusbnet.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcnet.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcusbnet.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\README-NET.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcusbnet.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcusbnet.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcusbnet.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcusbnet.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcusbnet.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcusbnet.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcser.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcser.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcmdm.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcser.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcusbser.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\TestCertificate\README.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qdcfg.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcmdm.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcser.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcnet.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DifxApi\amd64\DIFxAPI.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\license.rtf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcnet.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcusbnet.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcusbser.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcnet.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcusbnet.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcusbnet.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcusbser.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\TestCertificate\qcusbtest.cer C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DifxApi\x86\DIFxAPI.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\inf\flpydisk.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\hcw85c64.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\mdmke.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\mdmmega.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\mdmtdkj6.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\prnep00g.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\sbp2.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\prnod002.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\tape.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\hpoa1sd.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\mdmrock4.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\prnle003.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\winusb.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\amdsata.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\mstape.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\prnlx00e.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\wdma_usb.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\Installer\MSI7275.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\averfx2swtv_x64.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\mdmadc.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\mdmdgitn.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\net1yx64.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\ph6xib64c0.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\prnrc006.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\netl1c64.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\prnky008.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\wvmbushid.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\mdmags64.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\mdmdcm6.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\mdmgl005.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\mdmpsion.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\prnbr003.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\prnep002.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\prnxx002.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\ql40xx2.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\mchgr.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\prnkm002.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\prnlx002.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\termmou.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\msports.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\prnlx00c.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\prnlx00w.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\inf\wiabr002.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\mdmkortx.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_32bit_Setup.exe N/A

Modifies data under HKEY_USERS


Modifies registry class


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken


Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of WriteProcessMemory


Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_32bit_Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_32bit_Setup.exe"

C:\Windows\system32\cmd.exe

cmd.exe /c bcdedit.exe > "C:\Users\Admin\AppData\Local\Temp\usb9C3F.tmp"

C:\Windows\system32\bcdedit.exe

bcdedit.exe

C:\Windows\system32\bcdedit.exe

bcdedit.exe /set testsigning on

C:\Windows\SysWOW64\msiexec.exe

msiexec.exe /i "C:\Users\Admin\AppData\Local\Temp\QualcommWindowsDriverInstaller.msi" REBOOTNEEDED=1

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 31477DC317A3A7D08622D9D037323851 C

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C7E2C903-A2C0-4126-B0DB-C3B3E53AB660}

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6E72FD68-CC3D-42FF-86F5-8EF2A05FB418}

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D25DB181-31FD-4A81-80E9-1DA3D81806AB}

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6BD978F0-6973-400A-8862-5F6CB546538D}

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{748EF0FA-2613-476D-A760-20DCF4EE9B79}

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{67886057-88C6-4BED-A4AA-4A535B89AC65}

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F8EC8888-597A-4C08-B267-65052F1001B2}

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5A2062D9-E604-4BAF-89F8-17E516EA14B6}

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9C8DC8A5-3828-48C6-B248-E21D81D3AF7C}

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D8EFAC41-F7E0-41B1-9F0D-31D07E10FE7B}

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B083A469-79B5-47D9-977F-DA2800B5B915}

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000490" "00000000000005E0"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 99C4DC3424AA5F5E15AD85005E71A0DF M Global\MSI0000

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe

"C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\..\Tools\DriverInstaller64.exe" "/I|1|C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{7ece5f7f-6c75-472d-cfd0-753cfd9b1001}\qcser.inf" "9" "66e416da7" "0000000000000060" "WinSta0\Default" "00000000000005E0" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{59867324-6fed-19e0-0a09-9a6995a0f778}\qcmdm.inf" "9" "681624b2b" "00000000000005E0" "WinSta0\Default" "0000000000000490" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{114df2a2-0a17-5464-9ff0-094a1c60bd36}\qcnet.inf" "9" "617a1a923" "0000000000000490" "WinSta0\Default" "00000000000005B0" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x1

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\usb9C3F.tmp

C:\Users\Admin\AppData\Local\Temp\QualcommWindowsDriverInstaller.msi

C:\Users\Admin\AppData\Local\Temp\MSIA332.tmp

memory/3060-8-0x0000000010000000-0x00000000101B5000-memory.dmp

\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISBEW64.exe

\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\ISRT.dll

memory/3060-32-0x0000000002B60000-0x0000000002C07000-memory.dmp

\Users\Admin\AppData\Local\Temp\{B619677C-21D9-4B1A-9D64-56993BF21E21}\_isres_0x0409.dll

memory/3060-35-0x0000000002D90000-0x0000000002E19000-memory.dmp

C:\Windows\Installer\MSI28D7.tmp

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\TestCertificate\qcusbtest.cer

\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe

\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DifxApi\amd64\DIFxAPI.dll

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64\qcser.inf

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64\qcusbser.cat

C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\checked\amd64\qcusbser.sys

C:\Windows\System32\DriverStore\FileRepository\qcser.inf_amd64_neutral_a38de8285c46bafa\qcser.PNF

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64\qcmdm.inf

C:\Windows\System32\DriverStore\INFCACHE.1

C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_neutral_6c599d5aa838e5ed\qcmdm.PNF

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64\qcnet.inf

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64\qcusbnet.cat

C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\checked\amd64\qcusbnet.sys

C:\Windows\System32\DriverStore\INFCACHE.1

C:\Windows\System32\DriverStore\FileRepository\qcnet.inf_amd64_neutral_451e8530f7ccee5d\qcnet.PNF

C:\Windows\System32\catroot2\dberr.txt

C:\Config.Msi\f78209d.rbs

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-14 03:27

Reported

2024-11-14 03:29

Platform

win10v2004-20241007-en

Max time kernel

71s

Max time network

74s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_32bit_Setup.exe"

Signatures

Modifies boot configuration data using bcdedit

ransomware evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\bcdedit.exe N/A

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\drivers\qcusbser.sys C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\system32\drivers\qcusbnet.sys C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\B1A014EAB85E99467A8164D1F8A4095900365668\Blob C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\B1A014EAB85E99467A8164D1F8A4095900365668\Blob C:\Windows\syswow64\MsiExec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\{b8cde844-13e4-274c-822e-48a5bdd35807}\SET89FC.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b8cde844-13e4-274c-822e-48a5bdd35807}\qcnet.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8acf6103-61da-684b-a491-bad33f39e19b}\qcusbser.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcser.inf_amd64_a38de8285c46bafa\qcusbser.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcser.inf_amd64_a38de8285c46bafa\qcusbser.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{85d49036-ee75-c448-baf3-b20f5d696c43}\SET8857.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_6c599d5aa838e5ed\qcmdm.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{8acf6103-61da-684b-a491-bad33f39e19b}\SET820D.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{85d49036-ee75-c448-baf3-b20f5d696c43}\SET8856.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{b8cde844-13e4-274c-822e-48a5bdd35807}\SET89FB.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b8cde844-13e4-274c-822e-48a5bdd35807}\SET89FC.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcnet.inf_amd64_451e8530f7ccee5d\qcusbnet.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcnet.inf_amd64_451e8530f7ccee5d\qcnet.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{85d49036-ee75-c448-baf3-b20f5d696c43}\qcusbser.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{85d49036-ee75-c448-baf3-b20f5d696c43} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b8cde844-13e4-274c-822e-48a5bdd35807} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8acf6103-61da-684b-a491-bad33f39e19b} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{85d49036-ee75-c448-baf3-b20f5d696c43}\SET8856.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{85d49036-ee75-c448-baf3-b20f5d696c43}\qcusbser.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcnet.inf_amd64_451e8530f7ccee5d\qcusbnet.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b8cde844-13e4-274c-822e-48a5bdd35807}\SET89FB.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b8cde844-13e4-274c-822e-48a5bdd35807}\qcusbnet.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{b8cde844-13e4-274c-822e-48a5bdd35807}\SET8A1C.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8acf6103-61da-684b-a491-bad33f39e19b}\SET820C.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{8acf6103-61da-684b-a491-bad33f39e19b}\SET820E.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_6c599d5aa838e5ed\qcmdm.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b8cde844-13e4-274c-822e-48a5bdd35807}\SET8A1C.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8acf6103-61da-684b-a491-bad33f39e19b}\SET820D.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{85d49036-ee75-c448-baf3-b20f5d696c43}\SET8836.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{85d49036-ee75-c448-baf3-b20f5d696c43}\SET8836.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{85d49036-ee75-c448-baf3-b20f5d696c43}\SET8857.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcser.inf_amd64_a38de8285c46bafa\qcser.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{85d49036-ee75-c448-baf3-b20f5d696c43}\qcmdm.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_6c599d5aa838e5ed\qcusbser.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b8cde844-13e4-274c-822e-48a5bdd35807}\qcusbnet.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\QualcommCoInstaller.dll C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{8acf6103-61da-684b-a491-bad33f39e19b}\SET820C.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8acf6103-61da-684b-a491-bad33f39e19b}\qcusbser.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8acf6103-61da-684b-a491-bad33f39e19b}\SET820E.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qcnet.inf_amd64_451e8530f7ccee5d\qcnet.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8acf6103-61da-684b-a491-bad33f39e19b}\qcser.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qcser.inf_amd64_a38de8285c46bafa\qcser.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_6c599d5aa838e5ed\qcusbser.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcusbser.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\logReader.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcusbnet.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcusbnet.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcusbnet.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcusbnet.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcusbser.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcusbnet.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcmdm.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcusbnet.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcser.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcusbnet.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcusbnet.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcser.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcser.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DifxApi\x86\DIFxAPI.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\TestCertificate\README.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcnet.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcusbnet.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcusbnet.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcusbser.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcusbnet.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\x86\qcnet.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\TestCertificate\qcusbtest.cer C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DifxApi\amd64\DIFxAPI.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcusbnet.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcusbser.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcmdm.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcnet.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcmdm.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\README-NET.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\license.rtf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qdcfg.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Free\amd64\qcnet.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\amd64\qcmdm.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Checked\x86\qcser.inf C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\inf\c_fsquotamgmt.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\netwtw04.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\prnms004.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\prnms005.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\c_securitydevices.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\mdm3com.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\mdmiodat.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\usbncm.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\Installer\SourceHash{D9FB7F91-9687-4B09-894D-072903CADEA4} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\amdsata.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\netxex64.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\wvmic_guestinterface.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\tpmvsc.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\hidcfu.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\oem0.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\c_61883.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\c_media.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\mrvlpcie8897.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\multiprt.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\sisraid4.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\Installer\e585956.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\c_magneticstripereader.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\c_mouse.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\mdmpn1.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\rawsilo.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\mdmetech.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\mdmhaeu.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\tsusbhubfilter.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\netathr10x.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\netwlv64.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\wvmic_kvpexchange.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\halextpl080.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\mdmaiwat.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\mdmati.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\mdmgatew.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\ipoib6x.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\mdmatm2k.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\mdmtdkj4.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\mdmzyxel.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\amdsbs.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\BthOob.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\c_keyboard.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\c_pnpprinters.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\microsoft_bluetooth_hfp_ag.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\wpdmtphw.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\Installer\MSI5E87.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\mdmcom1.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\mdmgl001.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\scsidev.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\oem1.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\c_apo.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\c_holographic.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\mdmdf56f.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\mdmhayes.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\netmscli.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\Installer\MSI8C3F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{D9FB7F91-9687-4B09-894D-072903CADEA4}\ARPPRODUCTICON.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\c_smrvolume.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\mdmfj2.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\megasas2i.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\netmlx5.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\netvchannel.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File created C:\Windows\inf\netwtw06.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
File opened for modification C:\Windows\Installer\MSI5ABD.tmp C:\Windows\system32\msiexec.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_32bit_Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\19F7BF9D786990B498D4709230ACED4A C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\PackageCode = "5FAA03CD5D8B1FC4EADABE6949108FF1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Version = "16777230" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\ProductName = "Qualcomm USB Drivers For Windows" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\ProductIcon = "C:\\Windows\\Installer\\{D9FB7F91-9687-4B09-894D-072903CADEA4}\\ARPPRODUCTICON.exe" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0EA6D9F1380532E40BBD65C87A1302C4\19F7BF9D786990B498D4709230ACED4A C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\19F7BF9D786990B498D4709230ACED4A\NewFeature1 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0EA6D9F1380532E40BBD65C87A1302C4 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\PackageName = "QualcommWindowsDriverInstaller.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Media\DiskPrompt = "[1]" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Media\1 = "DISK1;1" C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1404 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_32bit_Setup.exe C:\Windows\SYSTEM32\cmd.exe
PID 4024 wrote to memory of 1220 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\bcdedit.exe
PID 1404 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_32bit_Setup.exe C:\Windows\SYSTEM32\bcdedit.exe
PID 1404 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_32bit_Setup.exe C:\Windows\SysWOW64\msiexec.exe
PID 4000 wrote to memory of 3252 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3252 wrote to memory of 1960 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe
PID 3252 wrote to memory of 3212 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe
PID 3252 wrote to memory of 1616 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe
PID 3252 wrote to memory of 1388 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe
PID 3252 wrote to memory of 4908 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe
PID 3252 wrote to memory of 1016 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe
PID 3252 wrote to memory of 3184 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe
PID 3252 wrote to memory of 4588 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe
PID 3252 wrote to memory of 2660 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe
PID 3252 wrote to memory of 60 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe
PID 3252 wrote to memory of 396 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe
PID 4000 wrote to memory of 4516 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 4000 wrote to memory of 3540 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3540 wrote to memory of 1308 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe
PID 2012 wrote to memory of 1660 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 2012 wrote to memory of 1436 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 2012 wrote to memory of 3892 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_32bit_Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_32bit_Setup.exe"

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /c bcdedit.exe > "C:\Users\Admin\AppData\Local\Temp\usbB3BF.tmp"

C:\Windows\system32\bcdedit.exe

bcdedit.exe

C:\Windows\SYSTEM32\bcdedit.exe

bcdedit.exe /set testsigning on

C:\Windows\SysWOW64\msiexec.exe

msiexec.exe /i "C:\Users\Admin\AppData\Local\Temp\QualcommWindowsDriverInstaller.msi" REBOOTNEEDED=1

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B7FD12851BD872192C55C8B67191DB40 C

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7B58DB25-E3D2-4986-AED3-FA0370B1BE57}

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8ACA5FD5-54E5-4BB9-B38F-1D55876E5638}

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F62D3DDF-78F1-4231-8133-1BB8978FDE4D}

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9FD9A6CA-94BC-45F3-9D11-F358AC195017}

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{53DCE18E-C3E5-4CFD-A6FD-BAD02C78B92E}

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{98461152-E1B0-4531-B86D-2797822EC2A3}

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{947D4243-E3D8-4A60-881A-4FBEE9852597}

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{717233D8-A432-4950-96C6-B2A3AD014703}

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AF5D72E5-6D70-4A08-A32B-0815E9D695C7}

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5A78C0F7-F363-49A4-B852-F43FF61870CC}

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1C5A3DEA-2505-4236-A13E-3A7F150FE3BC}

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F9FC69F88F516B0DA7DCBC545BCB99E2 E Global\MSI0000

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe

"C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\..\Tools\DriverInstaller64.exe" "/i|1|C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64\qcser.inf" "9" "446711843" "000000000000014C" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64\qcmdm.inf" "9" "4fdd37767" "000000000000015C" "WinSta0\Default" "0000000000000100" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64\qcnet.inf" "9" "41964d3af" "0000000000000100" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3957055 /state1:0x41c64e6d

Network

Files

C:\Users\Admin\AppData\Local\Temp\usbB3BF.tmp

C:\Users\Admin\AppData\Local\Temp\QualcommWindowsDriverInstaller.msi

C:\Users\Admin\AppData\Local\Temp\MSIBBCE.tmp

memory/3252-8-0x0000000010000000-0x00000000101B5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\ISRT.dll

memory/3252-30-0x00000000033B0000-0x0000000003457000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{8CE2AA02-7B2E-47A2-8446-E9A2C54AF0D3}\_isres_0x0409.dll

memory/3252-35-0x0000000003510000-0x0000000003599000-memory.dmp

C:\Windows\Installer\MSI5E87.tmp

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\TestCertificate\qcusbtest.cer

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DriverInstaller64.exe

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\DifxApi\amd64\difxapi.dll

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64\qcser.inf

C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\checked\amd64\qcusbser.sys

C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\checked\amd64\qcusbser.cat

\??\Volume{f9c79713-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{7d4d8237-4592-4270-a7b4-5a4ea666702a}_OnDiskSnapshotProp

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

C:\Windows\System32\CatRoot2\dberr.txt

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64\qcmdm.inf

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\checked\amd64\qcnet.inf

C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\checked\amd64\qcusbnet.cat

C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\checked\amd64\qcusbnet.sys

C:\Config.Msi\e585957.rbs


Analysis: behavioral5

Detonation Overview

Submitted

2024-11-14 03:27

Reported

2024-11-14 03:28

Platform

win7-20240903-en

Max time kernel

51s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_64bit_Setup.exe"

Signatures

Modifies boot configuration data using bcdedit

ransomware evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\bcdedit.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\B1A014EAB85E99467A8164D1F8A4095900365668\Blob C:\Windows\syswow64\MsiExec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\B1A014EAB85E99467A8164D1F8A4095900365668\Blob C:\Windows\system32\DrvInst.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\INFCACHE.0 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{3c0afd55-1e9e-5c03-75c8-2213efeb5c35}\filter C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{67f0a281-92a3-3114-d0da-3863fa56c375}\SET891E.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcser.inf_amd64_neutral_ff127a0fe370f822\qcser.PNF C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{05979e05-2bd8-0819-3dc0-d9524d5ff048}\serial\amd64\SET8B2F.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{05979e05-2bd8-0819-3dc0-d9524d5ff048}\SET8B41.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infpub.dat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{67f0a281-92a3-3114-d0da-3863fa56c375}\qcser.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{59d9b06b-e6db-5f66-5e62-0d314d34cd6e}\SET8E4B.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{59d9b06b-e6db-5f66-5e62-0d314d34cd6e}\ndis\6.2\amd64\SET8E5D.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qcwwan.inf_amd64_neutral_808b75773fb87a2b\qcwwan.PNF C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{67f0a281-92a3-3114-d0da-3863fa56c375}\SET891F.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{05979e05-2bd8-0819-3dc0-d9524d5ff048}\SET8B40.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_neutral_86d0444f2a27bb9f\qcmdm.PNF C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{59d9b06b-e6db-5f66-5e62-0d314d34cd6e}\SET8E4B.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infstor.dat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infstrng.dat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\INFCACHE.0 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infstor.dat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{67f0a281-92a3-3114-d0da-3863fa56c375}\SET891F.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{59d9b06b-e6db-5f66-5e62-0d314d34cd6e}\ndis\6.2\amd64\SET8E5D.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcwwan.inf_amd64_neutral_808b75773fb87a2b\qcwwan.PNF C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{3c0afd55-1e9e-5c03-75c8-2213efeb5c35}\filter\amd64\qcusbfilter.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{3c0afd55-1e9e-5c03-75c8-2213efeb5c35}\filter\amd64 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{05979e05-2bd8-0819-3dc0-d9524d5ff048}\SET8B40.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{05979e05-2bd8-0819-3dc0-d9524d5ff048}\SET8B41.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infstor.dat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_neutral_86d0444f2a27bb9f\qcmdm.PNF C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infpub.dat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{67f0a281-92a3-3114-d0da-3863fa56c375}\serial\amd64\SET890D.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{3c0afd55-1e9e-5c03-75c8-2213efeb5c35}\SET85C4.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcfilter.inf_amd64_neutral_afb4df27bf37e5d2\qcfilter.PNF C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{05979e05-2bd8-0819-3dc0-d9524d5ff048}\serial\amd64\SET8B2F.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{05979e05-2bd8-0819-3dc0-d9524d5ff048}\qcser.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\INFCACHE.0 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{59d9b06b-e6db-5f66-5e62-0d314d34cd6e}\ndis\6.2\amd64 C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\INFCACHE.0 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{3c0afd55-1e9e-5c03-75c8-2213efeb5c35}\SET85B3.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{67f0a281-92a3-3114-d0da-3863fa56c375}\serial\amd64\SET890D.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{67f0a281-92a3-3114-d0da-3863fa56c375}\SET891E.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{67f0a281-92a3-3114-d0da-3863fa56c375}\serial C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{67f0a281-92a3-3114-d0da-3863fa56c375} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{59d9b06b-e6db-5f66-5e62-0d314d34cd6e}\qcwwan.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{59d9b06b-e6db-5f66-5e62-0d314d34cd6e}\qcwwan.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infpub.dat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{3c0afd55-1e9e-5c03-75c8-2213efeb5c35}\SET85B3.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infpub.dat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qcser.inf_amd64_neutral_ff127a0fe370f822\qcser.PNF C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{05979e05-2bd8-0819-3dc0-d9524d5ff048} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infstrng.dat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{59d9b06b-e6db-5f66-5e62-0d314d34cd6e}\ndis\6.2 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{3c0afd55-1e9e-5c03-75c8-2213efeb5c35}\qcfilter.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{05979e05-2bd8-0819-3dc0-d9524d5ff048}\qcmdm.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{59d9b06b-e6db-5f66-5e62-0d314d34cd6e}\SET8E4C.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{59d9b06b-e6db-5f66-5e62-0d314d34cd6e}\ndis\6.2\amd64\qcusbwwan.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{59d9b06b-e6db-5f66-5e62-0d314d34cd6e}\ndis C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{67f0a281-92a3-3114-d0da-3863fa56c375}\qcser.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\infstor.dat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{05979e05-2bd8-0819-3dc0-d9524d5ff048}\serial\amd64\qcusbser.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{59d9b06b-e6db-5f66-5e62-0d314d34cd6e} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{3c0afd55-1e9e-5c03-75c8-2213efeb5c35}\SET85C4.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qcfilter.inf_amd64_neutral_afb4df27bf37e5d2\qcfilter.PNF C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{3c0afd55-1e9e-5c03-75c8-2213efeb5c35} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\serial\amd64\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\ndis\5.1\i386\qcusbnet.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\TestCertificate\qcusbtest.cer C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriversInstallerCA.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\filter\i386\qcusbfilter.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\ndis\6.2\i386\qcusbwwan.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcwwan.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\ndis\6.2\amd64\qcusbwwan.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\ndis\6.2\i386\qcusbwwan.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcmdm.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\filter\amd64\qcusbfilter.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\TestCertificate\readme.rtf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcser.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\logReader.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\ndis\6.2\amd64\qcusbwwan.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\ndis\5.1\amd64\qcusbnet.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcmdm.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Difxapi\i386\DIFxAPI.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\serial\i386\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcser.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\serial\amd64\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\serial\i386\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcfilter.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcwwan.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\ndis\6.2\i386\qcusbwwan.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\serial\i386\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\filter\amd64\qcusbfilter.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\serial\amd64\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcwwan.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\filter\amd64\qcusbfilter.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcwwan.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\filter\i386\qcusbfilter.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\ndis\5.1\i386\qcusbnet.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcser.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\filter\amd64\qcusbfilter.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\ndis\6.2\amd64\qcusbwwan.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\filter\amd64\qcusbfilter.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcfilter.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\serial\i386\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\filter\i386\qcusbfilter.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\serial\amd64\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcnet.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\filter\i386\qcusbfilter.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcmdm.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcfilter.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcser.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\filter\i386\qcusbfilter.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\filter\i386\qcusbfilter.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcfilter.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcfilter.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcnet.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\ndis\6.2\i386\qcusbwwan.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcfilter.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcser.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\filter\amd64\qcusbfilter.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\ndis\6.2\amd64\qcusbwwan.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcser.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qdcfg.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\serial\amd64\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\serial\amd64\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\serial\i386\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Difxapi\amd64\DIFxAPI.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\serial\i386\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.ev3 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI7899.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI7BF5.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\oem2.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\f777752.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\INF\oem4.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\oem4.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev1 C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\f777753.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\oem2.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI8F76.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f777753.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f777752.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f777755.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{D9FB7F91-9687-4B09-894D-072903CADEA4}\ARPPRODUCTICON.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\INF\oem5.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\oem5.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{D9FB7F91-9687-4B09-894D-072903CADEA4}\ARPPRODUCTICON.exe C:\Windows\system32\msiexec.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_64bit_Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0EA6D9F1380532E40BBD65C87A1302C4 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0EA6D9F1380532E40BBD65C87A1302C4\19F7BF9D786990B498D4709230ACED4A C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\ProductIcon = "C:\\Windows\\Installer\\{D9FB7F91-9687-4B09-894D-072903CADEA4}\\ARPPRODUCTICON.exe" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\PackageName = "QualcommWindowsDriverInstaller.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\19F7BF9D786990B498D4709230ACED4A\DefaultFeature C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\ProductName = "Qualcomm USB Drivers For Windows" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\PackageCode = "D2332B5902B158040AD21C5335C54944" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Version = "16777241" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\19F7BF9D786990B498D4709230ACED4A C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Media\DiskPrompt = "[1]" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Media\1 = "DISK1;1" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2636 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_64bit_Setup.exe C:\Windows\system32\cmd.exe
PID 2740 wrote to memory of 2832 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\bcdedit.exe
PID 2636 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_64bit_Setup.exe C:\Windows\system32\bcdedit.exe
PID 2636 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_64bit_Setup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2748 wrote to memory of 2788 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2788 wrote to memory of 2664 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe
PID 2788 wrote to memory of 3056 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe
PID 2788 wrote to memory of 1724 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe
PID 2788 wrote to memory of 2720 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe
PID 2788 wrote to memory of 2932 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe
PID 2788 wrote to memory of 2640 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe
PID 2788 wrote to memory of 2064 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe
PID 2788 wrote to memory of 2632 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe
PID 2788 wrote to memory of 1872 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe
PID 2788 wrote to memory of 2880 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_64bit_Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_64bit_Setup.exe"

C:\Windows\system32\cmd.exe

cmd.exe /c bcdedit.exe > "C:\Users\Admin\AppData\Local\Temp\usbEBA6.tmp"

C:\Windows\system32\bcdedit.exe

bcdedit.exe

C:\Windows\system32\bcdedit.exe

bcdedit.exe /set testsigning on

C:\Windows\SysWOW64\msiexec.exe

msiexec.exe /i "C:\Users\Admin\AppData\Local\Temp\QualcommWindowsDriverInstaller.msi" REBOOTNEEDED=1

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B63C597D20B2D086C1F1C496DD34AA27 C

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D9E49AC9-836B-4CEB-957E-ECB79428E1AE}

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{481C9BBF-A5EB-48A5-A7B1-0B3FAF59E816}

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0C56CC23-ECA3-449F-B771-51B75034B76E}

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E6CBF6CC-30D2-4EC2-B0B4-0F64934E01E8}

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{238C14E1-E7B0-4F61-BA1F-2673C52CDFBF}

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{80FF7321-733A-4173-8FA5-A2B5550C5546}

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{495AF061-8FD2-43D4-892E-13A3CB5D1662}

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C4620956-4A80-47E3-9882-54B2596EE12A}

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BE5BBC20-109D-456A-BA3D-2175BD4410A8}

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E470DCD7-10D4-4268-AFFF-674036E3D474}

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0403C2E3-DA94-481F-980E-E6E5E0E6F768}

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000338" "00000000000005C0"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 86D08105C142C7BB1552DF516333E48E M Global\MSI0000

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe

"C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe" "/I|0|C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{55a90775-1ac2-07bf-2c48-fa12d0083744}\qcfilter.inf" "9" "6342d598b" "00000000000003EC" "WinSta0\Default" "00000000000005C8" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{7c501cb0-cf18-61f5-d0f7-2f39793ca42d}\qcser.inf" "9" "60f02979b" "00000000000005C8" "WinSta0\Default" "00000000000005C0" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{67d8aa09-8d93-43dc-0159-ba4ffd893558}\qcmdm.inf" "9" "62223751f" "00000000000005C0" "WinSta0\Default" "0000000000000494" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{42bedd55-68dd-6998-3cc6-9c5d3bbf734a}\qcwwan.inf" "9" "64190a197" "0000000000000494" "WinSta0\Default" "00000000000003EC" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x1

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\usbEBA6.tmp

C:\Users\Admin\AppData\Local\Temp\QualcommWindowsDriverInstaller.msi

C:\Users\Admin\AppData\Local\Temp\MSIEE45.tmp

memory/2788-8-0x0000000010000000-0x00000000101B5000-memory.dmp

\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISBEW64.exe

\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\ISRT.dll

memory/2788-32-0x0000000002FC0000-0x0000000003067000-memory.dmp

\Users\Admin\AppData\Local\Temp\{A9567A6B-D7C2-486E-9854-CC5E57C89892}\_isres_0x0409.dll

memory/2788-35-0x0000000003240000-0x00000000032C9000-memory.dmp

C:\Windows\Installer\MSI7BF5.tmp

MD5 b6541521eb9416a8d3e7b270004cbf94
SHA1 a2d8068af48aef0bab56076acb298ac972b06c96
SHA256 64454a4208e513f13b3e8f3f011659537d02f6900d8ddff0303055b85cbceee5
SHA512 481484e33cf8509ff3397c393932481cf59c3d4ee6898526d7772e4d40fd8540731d30729b9d5aef675c12a9fcf53ea21364a68d8c1016fcf27060871f0099a0

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\testCertificate\qcusbtest.cer

MD5 c54c242c03112b67ddd41e5c8a43dfe1
SHA1 b1a014eab85e99467a8164d1f8a4095900365668
SHA256 d7f2c685f0aadf936bf6cc96c8ff5a9bb79973c6a0bc9ddd98f30813f20760f6
SHA512 f9abe673c806102835728a3d913c3f361c3e6ad305873b42d4a902e9de2ab930d7065c70fdf178a47a58bc44c2927ef040229d2325dca6d10d9e9dbb9907a31f

\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe

MD5 d0ff20741bde67aaa8bfa794a262e3f9
SHA1 61e078afe885865dfa4f7a3d00086515efedc35a
SHA256 196dd86ab07bc1b70536b1d643ef09db88d3e23df6db808a9e2d2136c0c4a95e
SHA512 e6c6f5e7adfc8f952887524ce82136050220ad7cd7a1b63dd3ef272b537304dd0ae80831859c627ba0f927aefa2542a63d0f40b8e1ccdfd29c78c9cda669bfd4

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DifxApi\amd64\difxapi.dll

MD5 9495b07f33ded991c65d9b04945d44c5
SHA1 db9d5ec47980eb0709faba0cda283ff99d643b7c
SHA256 bf0798d3a4540b15f45c5b329798a2ac532ff693764948b9b4757265e145216e
SHA512 36ff4bd8b252f78a91a8e205bda17bd7f159a11f1616f5bf90fa08164201c272efa817c3974680603ab19a2086ce4dc3a26a504ee811d5a530ccc9e8af6d4815

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcfilter.inf

MD5 3b47a5b6aafcb9c14aabf6e167176dbc
SHA1 5626201ac532cf1aca233b526a36e004cd8042c5
SHA256 da81dcf11682b118e30f087cb8982a01453f7dedee7e737dfc1da426347dece4
SHA512 3fb49919355b54e16b5e839d0d16355a64ef6fcff0107c70463514c75bee4aff637416d61d8ffabc25356a950696e3d81abe313d0775a00fbaa62a7cba8c7a3a

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcfilter.cat

MD5 bf318bfa1a1a5d9b1d4ef7505b06de55
SHA1 560a99f3946d2b5afb726ec2ca64734f9cb86678
SHA256 c59ae022b54775856ac59dbcf82cfd6cc1552470203adacbaf8c2af6cae2d8a2
SHA512 00c1ee59ed8d90539b13a44125897a80e8981cba3cb3c01c1d97c556eee3a44c8f6f546d770e5bb3f0e9e581d2b98ae5ef94885aa32779524ab7d409362b5e10

C:\Users\Admin\AppData\Local\Temp\{55a90775-1ac2-07bf-2c48-fa12d0083744}\filter\amd64\SET8558.tmp

MD5 0cf388b7a9caa153efc42fccc73b103b
SHA1 2438e02626a62999e8095650e20edec758b9d56b
SHA256 4c97c8ace5c0169c423ac9883b55ea25d3a5679203f96d4608816bd595d19888
SHA512 4dd32b100c094e6d597341880dc8a42fa7d6e315770a8b3c3c21ded7638dde351f953123b77035217d58c165029a7e66220913a49f45ad697d6a5c90cd51bacd

C:\Windows\System32\DriverStore\FileRepository\qcfilter.inf_amd64_neutral_afb4df27bf37e5d2\qcfilter.PNF

MD5 8e851088a9f18e79b7ba8d6237ff16b4
SHA1 64f9a1f4ebb9abf3a8fb4b78d5410db4f7f71edf
SHA256 883dd12bb1de2303087c38c8823144f85a368c539cd38e46f77417fb39957a35
SHA512 2f3442c5b75260efdbd5fbf76d5941efcaea407f41cb32255be49d2c196a5456ab04661135d2e61ddab81eef9c7c2d3869da48b0ba1ceaafcbb542e4d913f3f6

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcser.inf

MD5 1b05ce04965aaefcd5013db078d766e7
SHA1 8a0e5d6bedfbedf29f27d4285cc22c22a9a9e4ba
SHA256 86c4fc19d53c800431bffea5155c127be83a890b23890bce604ff592bae663e4
SHA512 d0a8ecc53f1e802c5c797250673db4ba7ed9c58ae5fb2247cad8b98ebf8bb9443fbdeb9b5bb3b7d845296785b1a517fb718dc5574feafce146a13521d2eba1e7

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcser.cat

MD5 f544ef1aeae211632ee2baeb4c9533da
SHA1 11b92a739ff19471dd23d8898cc1cd6a87126193
SHA256 b86e2a53844268be164723394aaf2009f2a2d378c569d418a418ade6560347ab
SHA512 341e8c6fd8fcf683d929ace1c26749a2471d8df39a047707f42476cfa72f56bb5edf30185d0dcb214953ff5c519710b8b4fa86dad0ccfd6516de3d6e057c9340

C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\serial\amd64\qcusbser.sys

MD5 c928dda454290e783b5ad8d074d43d2a
SHA1 29310bb273166edb327a5cd27214adc493dca2c3
SHA256 ca4392cd34163682260850aa1eeb6f7fce1eed59ce9d491a5e18cdba4c7a6225
SHA512 cfb86bb62766969a9b9de7febd2cd18a267cfb6837d5827600dea6c2450db4697d047b2843412c84f0e592d275a1673cf4c58ec6a08950ba41d12dc0d5d38144

C:\Windows\System32\DriverStore\INFCACHE.1

MD5 b0d43b038d1a6bf1c91c51d081431365
SHA1 2531b23f99419be7a4c165f4865ed0e7b791a530
SHA256 cf40333e3d5841778bd725382a7fe123d33013ae100791b23341e27478719d4c
SHA512 bf80b85d96ada37db746289f2567cf757ae07fd94ec38a9d31ff78da00fea29f868dd619acf485ddc128d3350781f0e82a6d4377cbc3904b8943a22cf1352284

C:\Windows\System32\DriverStore\FileRepository\qcser.inf_amd64_neutral_ff127a0fe370f822\qcser.PNF

MD5 c2c33934e33b48930964b89179ca8890
SHA1 b451954433cf905c6ffbf1b378ddf0fb1076808d
SHA256 52615c8941fb29e37eb88eed71f700873b4556c6e3f8f842359aa17eaf3ca425
SHA512 78055e1aa731246a8c6d8e046088ab7e062d35dc6813ae31a25fc20841e93dd6db36e8724f83145e0142392f9d3e6fc115e776282b65a102b53652d6407947e0

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcmdm.inf

MD5 8657cbc04b03c82c01fc99d0cb305a5d
SHA1 79bc5613593eee933c471e90b57f699ec8c406b2
SHA256 ed2d4abc492f8d84dc9ef2dc1a1edd0edfe32b57e453287c882ba1584521159d
SHA512 ec7cb8089625ca96a3a41ef6e8066666bded645449d321d4942216a91e36a9b47629a3b77a673547400e6677a4ee9a836bda99d9b2670980e3b6a66d6be7ba16

C:\Windows\System32\DriverStore\INFCACHE.1

MD5 e294f6eea9b9ec8f9135f1737f6e0319
SHA1 68a4b8ca2e6c5cfda827065aeecc2587522fcd48
SHA256 b6903adef90745439adf5dbf743d6a1bfe5ea0e81fda83f2a719c09343205a89
SHA512 7ff901be6ef4e97cf11d61a857de1e7d08533a7ae65e5f6a66024ac46aedcd9432e91977fac32f11b32ae8c9049d0f0e98c7bdad9007054a8dbcb83c6c824586

C:\Windows\System32\catroot2\dberr.txt

MD5 67e4bf3027750b8cb34faa861c24d8b5
SHA1 b619da9abf24d01ba3b181fba3d21b8cbb4d7ed7
SHA256 ddc98b051cb988dff6890b27dffded6e7c2169f59ede51d2975dd63de46f4a6e
SHA512 12b09ab126236995d587fb70552bf0d64277050b8e574e4cdc455b1c9026639ad7422c851618adc816e19fd93894590183038193018f1657ccb26ce93693dc76

C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_neutral_86d0444f2a27bb9f\qcmdm.PNF

MD5 69ac7fcd53c62b09da41be9afc864fcd
SHA1 86416f8d2fb2a1bd38d31a146527ece8ac10db02
SHA256 15fe9141401aa662eca199e0d2bbe86ab127d394bad80021b0930e3efe818aca
SHA512 8d476185926245c60490d54e90a4fb44e231c3ad88a76d3d9fa5b6baf7d80e456bf6e247e9af2b4138217d9eeb15ab8c262ce17465cd84e5480cc081191e8f02

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcwwan.inf

MD5 4cbc5ea952221fe23e67cc9c92ed6fd4
SHA1 c34a227526919b64666e2d922bcf590d31010f8d
SHA256 6d7dd3a360534555dd9e264df0696381345919e861d8d3068b7ef870a9e23c95
SHA512 245b237c928a4d9ee33d72846006736714003fa6cb1e63971a630197bfc126c268dc1571b1d7b9dfb4e35eead20057102b7f366048fa0733a16e28a0802f5473

C:\Users\Admin\AppData\Local\Temp\{42bedd55-68dd-6998-3cc6-9c5d3bbf734a}\qcwwan.cat

MD5 08880d7186197d3399ab480112610f08
SHA1 7ff42e81ce7edaf6ea8f294677d467483d3121ad
SHA256 50c2aa490e162d15ea5c772536df7213783459da5562bf5195b617a96d3ecd97
SHA512 efdcf57adb85f68e52f8ea23730148eb38cce655d6a3f014ef9d953835a700f555bfd3fd893b862a7c09cf0b27682859971637c03ccf8cc514a79d8a2f2cc8e9

C:\Users\Admin\AppData\Local\Temp\{42bedd55-68dd-6998-3cc6-9c5d3bbf734a}\ndis\6.2\amd64\qcusbwwan.sys

MD5 152836dbdcd22225eec3cb258241dee9
SHA1 5cf6bc817d458a5e09896177bb7e8800a3acb382
SHA256 ed15de767cc38cb65817e6925985aa54813df3065af22f175bcf2e80495fefe6
SHA512 103094d492dff98fbbf6107320924cc121a1d48b31cd6f5e68f7b66ed63e29f282b471af2f40cee86cb396718da6c1b646babfa13f4e6fe44cb88488c4733c87

C:\Config.Msi\f777754.rbs

MD5 6ffe44695c80d9bf6b2023f3a7f05244
SHA1 9ae624eaa89c3925506f393e545e835617ae7252
SHA256 9cfd01c54774b3e4065c0a8296cfa48be2d74dcb4ab2ef21f4fc4ded153ca741
SHA512 8178b1c8b28214fb4fdffe76b0048d5788e9153a3347932742c9b979921ed61bbc17cec1059a99b3d20492e769f3208b7a6af23c175c72d663c3f0509335b28f

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-14 03:27

Reported

2024-11-14 03:29

Platform

win10v2004-20241007-en

Max time kernel

59s

Max time network

66s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_64bit_Setup.exe"

Signatures

Modifies boot configuration data using bcdedit

ransomware evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\bcdedit.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\B1A014EAB85E99467A8164D1F8A4095900365668\Blob C:\Windows\syswow64\MsiExec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\B1A014EAB85E99467A8164D1F8A4095900365668\Blob C:\Windows\system32\DrvInst.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{956a2aa9-4a08-f444-926c-5f0187993a42}\SET40CD.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{956a2aa9-4a08-f444-926c-5f0187993a42}\SET40CE.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{42d5f242-a138-264f-b654-34041aa2563b}\SET4245.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{42d5f242-a138-264f-b654-34041aa2563b}\ndis C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5747a9fe-28d2-6b47-bcf0-88a00beda994}\qcfilter.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{5747a9fe-28d2-6b47-bcf0-88a00beda994}\SET3C4A.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5747a9fe-28d2-6b47-bcf0-88a00beda994} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcser.inf_amd64_ff127a0fe370f822\qcser.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{956a2aa9-4a08-f444-926c-5f0187993a42}\serial\amd64\qcusbser.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{42d5f242-a138-264f-b654-34041aa2563b}\ndis\6.2\amd64\SET4265.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5747a9fe-28d2-6b47-bcf0-88a00beda994}\SET3C49.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{42d5f242-a138-264f-b654-34041aa2563b}\qcwwan.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcfilter.inf_amd64_afb4df27bf37e5d2\qcfilter.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8de02e82-6310-4a4b-a853-ee8d3f04768c}\SET3E2D.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{8de02e82-6310-4a4b-a853-ee8d3f04768c}\SET3E2D.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{956a2aa9-4a08-f444-926c-5f0187993a42} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5747a9fe-28d2-6b47-bcf0-88a00beda994}\SET3C4A.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{956a2aa9-4a08-f444-926c-5f0187993a42}\serial\amd64\SET40DE.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{42d5f242-a138-264f-b654-34041aa2563b}\ndis\6.2\amd64\SET4265.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{42d5f242-a138-264f-b654-34041aa2563b}\ndis\6.2\amd64\qcusbwwan.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8de02e82-6310-4a4b-a853-ee8d3f04768c}\serial C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5747a9fe-28d2-6b47-bcf0-88a00beda994}\qcfilter.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcfilter.inf_amd64_afb4df27bf37e5d2\filter\amd64\qcusbfilter.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8de02e82-6310-4a4b-a853-ee8d3f04768c}\SET3E2E.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8de02e82-6310-4a4b-a853-ee8d3f04768c}\serial\amd64\SET3E3F.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{956a2aa9-4a08-f444-926c-5f0187993a42}\serial\amd64\SET40DE.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{42d5f242-a138-264f-b654-34041aa2563b}\ndis\6.2 C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{5747a9fe-28d2-6b47-bcf0-88a00beda994}\SET3C49.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_86d0444f2a27bb9f\serial\amd64\qcusbser.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{42d5f242-a138-264f-b654-34041aa2563b}\ndis\6.2\amd64 C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qcwwan.inf_amd64_808b75773fb87a2b\qcwwan.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcfilter.inf_amd64_afb4df27bf37e5d2\qcfilter.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5747a9fe-28d2-6b47-bcf0-88a00beda994}\filter\amd64\qcusbfilter.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8de02e82-6310-4a4b-a853-ee8d3f04768c} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{956a2aa9-4a08-f444-926c-5f0187993a42}\SET40CE.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{956a2aa9-4a08-f444-926c-5f0187993a42}\qcser.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5747a9fe-28d2-6b47-bcf0-88a00beda994}\filter\amd64\SET3C5A.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5747a9fe-28d2-6b47-bcf0-88a00beda994}\filter\amd64 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8de02e82-6310-4a4b-a853-ee8d3f04768c}\qcser.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcser.inf_amd64_ff127a0fe370f822\qcser.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_86d0444f2a27bb9f\qcmdm.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{42d5f242-a138-264f-b654-34041aa2563b}\SET4245.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{42d5f242-a138-264f-b654-34041aa2563b}\qcwwan.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{956a2aa9-4a08-f444-926c-5f0187993a42}\SET40CD.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{956a2aa9-4a08-f444-926c-5f0187993a42}\serial C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qcser.inf_amd64_ff127a0fe370f822\qcser.PNF C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{956a2aa9-4a08-f444-926c-5f0187993a42}\serial\amd64 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcwwan.inf_amd64_808b75773fb87a2b\qcwwan.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8de02e82-6310-4a4b-a853-ee8d3f04768c}\serial\amd64\qcusbser.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{42d5f242-a138-264f-b654-34041aa2563b}\SET4244.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{5747a9fe-28d2-6b47-bcf0-88a00beda994}\filter\amd64\SET3C5A.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{8de02e82-6310-4a4b-a853-ee8d3f04768c}\SET3E2E.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5747a9fe-28d2-6b47-bcf0-88a00beda994}\filter C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8de02e82-6310-4a4b-a853-ee8d3f04768c}\serial\amd64 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{956a2aa9-4a08-f444-926c-5f0187993a42}\qcmdm.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_86d0444f2a27bb9f\qcser.cat C:\Windows\system32\DrvInst.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\filter\i386\qcusbfilter.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\ndis\6.2\amd64\qcusbwwan.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\serial\amd64\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\logReader.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\ndis\6.2\i386\qcusbwwan.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\ndis\6.2\amd64\qcusbwwan.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcser.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcfilter.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcmdm.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcser.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcfilter.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\filter\i386\qcusbfilter.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcfilter.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\ndis\6.2\amd64\qcusbwwan.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\serial\i386\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\serial\i386\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcwwan.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\filter\i386\qcusbfilter.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\serial\amd64\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\filter\i386\qcusbfilter.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcfilter.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcwwan.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\serial\amd64\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcser.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcser.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\filter\amd64\qcusbfilter.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\ndis\6.2\amd64\qcusbwwan.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcser.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriversInstallerCA.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\filter\amd64\qcusbfilter.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\serial\i386\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\serial\i386\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\TestCertificate\qcusbtest.cer C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcser.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\serial\amd64\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\ndis\6.2\i386\qcusbwwan.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\filter\i386\qcusbfilter.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\ndis\5.1\amd64\qcusbnet.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\TestCertificate\readme.rtf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qdcfg.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\ndis\6.2\i386\qcusbwwan.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\filter\amd64\qcusbfilter.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\ndis\5.1\amd64\qcusbnet.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcfilter.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcmdm.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\serial\i386\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\filter\amd64\qcusbfilter.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\serial\amd64\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\serial\i386\qcusbser.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcwwan.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\filter\amd64\qcusbfilter.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\serial\amd64\qcusbser.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcfilter.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcwwan.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\ndis\5.1\i386\qcusbnet.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcmdm.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcnet.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcnet.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Difxapi\i386\DIFxAPI.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\ndis\6.2\i386\qcusbwwan.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\filter\amd64\qcusbfilter.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\filter\i386\qcusbfilter.pdb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\ndis\5.1\i386\qcusbnet.sys C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI2CB8.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{D9FB7F91-9687-4B09-894D-072903CADEA4}\ARPPRODUCTICON.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem5.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI4449.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e582b05.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e582b03.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{D9FB7F91-9687-4B09-894D-072903CADEA4}\ARPPRODUCTICON.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI33AE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem5.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem6.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\e582b03.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem4.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem4.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem6.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\SourceHash{D9FB7F91-9687-4B09-894D-072903CADEA4} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_64bit_Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0EA6D9F1380532E40BBD65C87A1302C4 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\PackageName = "QualcommWindowsDriverInstaller.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\ProductName = "Qualcomm USB Drivers For Windows" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Version = "16777241" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\ProductIcon = "C:\\Windows\\Installer\\{D9FB7F91-9687-4B09-894D-072903CADEA4}\\ARPPRODUCTICON.exe" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\19F7BF9D786990B498D4709230ACED4A C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\19F7BF9D786990B498D4709230ACED4A\DefaultFeature C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0EA6D9F1380532E40BBD65C87A1302C4\19F7BF9D786990B498D4709230ACED4A C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Media\1 = "DISK1;1" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\PackageCode = "D2332B5902B158040AD21C5335C54944" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Media\DiskPrompt = "[1]" C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4340 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_64bit_Setup.exe C:\Windows\SYSTEM32\cmd.exe
PID 3988 wrote to memory of 4708 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\bcdedit.exe
PID 4340 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_64bit_Setup.exe C:\Windows\SYSTEM32\bcdedit.exe
PID 4340 wrote to memory of 4908 N/A C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_64bit_Setup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2652 wrote to memory of 4712 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4712 wrote to memory of 3660 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe
PID 4712 wrote to memory of 3092 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe
PID 4712 wrote to memory of 3896 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe
PID 4712 wrote to memory of 3112 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe
PID 4712 wrote to memory of 4592 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe
PID 4712 wrote to memory of 1324 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe
PID 4712 wrote to memory of 2872 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe
PID 4712 wrote to memory of 2684 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe
PID 4712 wrote to memory of 5068 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe
PID 4712 wrote to memory of 2848 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe
PID 4712 wrote to memory of 1756 N/A C:\Windows\syswow64\MsiExec.exe C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe
PID 2652 wrote to memory of 2868 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 2652 wrote to memory of 432 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 432 wrote to memory of 3688 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe
PID 1996 wrote to memory of 3444 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1996 wrote to memory of 4052 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1996 wrote to memory of 3316 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1996 wrote to memory of 1268 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_64bit_Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\QDLoader HS-USB Driver_64bit_Setup.exe"

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /c bcdedit.exe > "C:\Users\Admin\AppData\Local\Temp\usb8DE8.tmp"

C:\Windows\system32\bcdedit.exe

bcdedit.exe

C:\Windows\SYSTEM32\bcdedit.exe

bcdedit.exe /set testsigning on

C:\Windows\SysWOW64\msiexec.exe

msiexec.exe /i "C:\Users\Admin\AppData\Local\Temp\QualcommWindowsDriverInstaller.msi" REBOOTNEEDED=1

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 35956BBCED3B864A1CD0CCC56DF4005B C

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2CA85577-D2E7-40AC-923E-645608F3821D}

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E78C40B5-24FF-4432-81BF-E5EA74FD7E63}

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{544940DA-C659-42D4-BC06-04E25B0AECEF}

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6283B16A-CC82-4639-A246-525785036989}

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9DCB984D-A7AE-4510-8189-D33A4C5FA10A}

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FF3466C6-D3B1-4DB7-9ADD-107EF259C445}

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{09A44434-C855-45C3-9321-97EFD44C685B}

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BD540F77-9174-47A2-B2DC-F9BCB39F487C}

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{75B9DDFE-D845-41F3-8B70-B4DA593CACEA}

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4573A51B-5FB6-4E49-BDDA-41EACADFA914}

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{104F7E4E-BE55-4D31-8AB7-05C2972FA4DF}

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DCC4A517BAD7DC5BD4F7851DCFDBE9A3 E Global\MSI0000

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe

"C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe" "/I|0|C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcfilter.inf" "9" "4f0333d67" "0000000000000138" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcser.inf" "9" "4417f2877" "0000000000000158" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcmdm.inf" "9" "4f8e1879b" "000000000000015C" "WinSta0\Default" "000000000000014C" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcwwan.inf" "9" "47c727a63" "000000000000014C" "WinSta0\Default" "0000000000000138" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa38e6055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 101.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\usb8DE8.tmp

C:\Users\Admin\AppData\Local\Temp\QualcommWindowsDriverInstaller.msi

C:\Users\Admin\AppData\Local\Temp\MSI9441.tmp

memory/4712-8-0x0000000010000000-0x00000000101B5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\ISRT.dll

memory/4712-30-0x0000000003310000-0x00000000033B7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{2BEB360F-ED9C-4ACC-8657-56EEE46091C3}\_isres_0x0409.dll

memory/4712-35-0x00000000034B0000-0x0000000003539000-memory.dmp

\??\Volume{625ed6c4-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{ffe3547c-ead3-4844-8536-78a6180b12b8}_OnDiskSnapshotProp

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

C:\Windows\Installer\MSI33AE.tmp

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\testCertificate\qcusbtest.cer

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DifxApi\amd64\difxapi.dll

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcfilter.inf

C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\qcfilter.cat

C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\filter\amd64\qcusbfilter.sys

C:\Windows\System32\CatRoot2\dberr.txt

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcser.inf

C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\qcser.cat

C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\serial\amd64\qcusbser.sys

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcmdm.inf

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcwwan.inf

C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\qcwwan.cat

C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\ndis\6.2\amd64\qcusbwwan.sys

C:\Config.Msi\e582b04.rbs

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 03:27

Reported

2024-11-14 03:30

Platform

win7-20240903-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\How to Install.url"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\How to Install.url"

Network

N/A

Files

memory/2884-0-0x0000000000570000-0x0000000000571000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 03:27

Reported

2024-11-14 03:30

Platform

win10v2004-20241007-en

Max time kernel

118s

Max time network

145s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\How to Install.url"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Qualcomm_HS-USB_QDLoader_9008_Driver\How to Install.url"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

N/A