Analysis Overview
SHA256: 4719b38e7a276b43099ce4d6349e6bfc80edf644ee59d9dafd264bc7ed7691f4
Threat Level: Likely malicious
The file VirtualBox-7.0.14-161095-Win.exe was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Enumerates connected drives
Drops file in System32 directory
Event Triggered Execution: Component Object Model Hijacking
Drops file in Program Files directory
Loads dropped DLL
Drops file in Windows directory
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy service COM API
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: LoadsDriver
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-14 13:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-14 13:14
Reported: 2024-11-14 13:32
Platform: win11-20241007-en
Max time kernel: 76s
Max time network: 81s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\system32\DRIVERS\SET8847.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxUSBMon.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET97A9.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET9F1C.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxNetLwf.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET871D.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET871D.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET8847.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET9F1C.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxSup.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET97A9.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys | C:\Windows\System32\MsiExec.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{15e6ab1f-08ba-a343-8d6a-99a439e0041c}\SET96BE.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_72f156a5ee3f59e8\netrass.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c520c231-88a5-724c-a548-77456a68a272}\VBoxUSB.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c520c231-88a5-724c-a548-77456a68a272}\SET897F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c520c231-88a5-724c-a548-77456a68a272}\VBoxUSB.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_ee187df79249cd72\VBoxNetAdp6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{0e10fb9e-bda2-594e-bae9-2015d41967f8}\SET9D74.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{0e10fb9e-bda2-594e-bae9-2015d41967f8}\SET9D84.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_c5e1a8904c87a072\vboxnetlwf.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxUSBMon_4DC22822E5ED15CFAF42864CC0F1E63EBC74D076\VBoxUSBMon.cat | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{15e6ab1f-08ba-a343-8d6a-99a439e0041c}\SET96BF.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{15e6ab1f-08ba-a343-8d6a-99a439e0041c}\VBoxNetAdp6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0e10fb9e-bda2-594e-bae9-2015d41967f8}\VBoxNetLwf.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{c520c231-88a5-724c-a548-77456a68a272}\SET897E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c520c231-88a5-724c-a548-77456a68a272}\SET897E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c520c231-88a5-724c-a548-77456a68a272}\SET8980.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{15e6ab1f-08ba-a343-8d6a-99a439e0041c}\VBoxNetAdp6.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{15e6ab1f-08ba-a343-8d6a-99a439e0041c}\VBoxNetAdp6.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\wfpcapture.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxSup_5018924056E84EABA285BB0DE5B18677DC64C518\VBoxSup.inf | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{15e6ab1f-08ba-a343-8d6a-99a439e0041c}\SET96AD.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_6389ef9a2a816fc1\VBoxUSB.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxSup_5018924056E84EABA285BB0DE5B18677DC64C518\VBoxSup.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxUSBMon_4DC22822E5ED15CFAF42864CC0F1E63EBC74D076\VBoxUSBMon.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{15e6ab1f-08ba-a343-8d6a-99a439e0041c} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_882899f2b1006416\netvwififlt.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_0525128a3d54207e\netnwifi.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRVSTORE\VBoxSup_5018924056E84EABA285BB0DE5B18677DC64C518\VBoxSup.inf | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_c5e1a8904c87a072\VBoxNetLwf.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_56c163d21e8c2b62\netserv.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_6389ef9a2a816fc1\VBoxUSB.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{15e6ab1f-08ba-a343-8d6a-99a439e0041c}\SET96BE.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0e10fb9e-bda2-594e-bae9-2015d41967f8} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_d34968d7b3e6da21\ndiscap.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_bc519c177a90877a\c_netservice.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{c520c231-88a5-724c-a548-77456a68a272}\SET8980.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{15e6ab1f-08ba-a343-8d6a-99a439e0041c}\SET96AD.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{0e10fb9e-bda2-594e-bae9-2015d41967f8}\SET9D95.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_8074ac14f1ab2957\netpacer.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_10acfa4b924dd181\netnb.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRVSTORE | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_ee187df79249cd72\VBoxNetAdp6.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0e10fb9e-bda2-594e-bae9-2015d41967f8}\VBoxNetLwf.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_c5e1a8904c87a072\VBoxNetLwf.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c520c231-88a5-724c-a548-77456a68a272}\VBoxUSB.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{15e6ab1f-08ba-a343-8d6a-99a439e0041c}\SET96BF.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0e10fb9e-bda2-594e-bae9-2015d41967f8}\SET9D74.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0e10fb9e-bda2-594e-bae9-2015d41967f8}\VBoxNetLwf.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{0e10fb9e-bda2-594e-bae9-2015d41967f8}\SET9D95.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_6389ef9a2a816fc1\VBoxUSB.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_6389ef9a2a816fc1\VBoxUSB.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c520c231-88a5-724c-a548-77456a68a272} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_3debe5e78bab1bca\netbrdg.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxUSBMon_4DC22822E5ED15CFAF42864CC0F1E63EBC74D076\VBoxUSBMon.inf | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_c5e1a8904c87a072\VBoxNetLwf.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_ee187df79249cd72\VBoxNetAdp6.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{c520c231-88a5-724c-a548-77456a68a272}\SET897F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxAuth.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_pl.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_sk.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\fedora_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxBalloonCtrl.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\x86\VBoxRT-x86.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxVMM.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_it.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\rhel3_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxRT.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_lt.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\ubuntu_preseed.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UserManual.qch | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxDbg.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxNetNAT.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxNetNAT.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\doc\UserManual.pdf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\sdk\install\vboxapisetup.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VirtualBox.VisualElementsManifest.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_fa.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\rhel4_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\platforms\qoffscreen.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxHostChannel.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_ca.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_es.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_pt.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_hr_HR.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ru.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_en.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UserManual.qhc | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxCAPI.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxDDR0.r0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxDTrace.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxManage.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxSupLib.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\sdk\install\vboxapi\VirtualBox_constants.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_uk.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\debian_postinstall.sh | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxAutostartSvc.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_da.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_el.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_th.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_de.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\os2_util.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_zh_TW.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_pl.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxAudioTest.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxBugReport.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxNetDHCP.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_de.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ko.qm | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\INF\oem3.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7673.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem2.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\{8DDF4B7A-DE1A-4619-B426-959B44E40A87}\IconVirtualBox | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFB43136107F3A7F2A.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI77EE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI889F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\INF\oem5.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\Installer\e587412.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7B3C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{8DDF4B7A-DE1A-4619-B426-959B44E40A87}\IconVirtualBox | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7711.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7A8F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF2BB254C32C608942.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9D33.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI77AF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI86B8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8802.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF9BBB5FB9032946A6.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7FF0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI803F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9D23.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9FB5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e587412.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{8DDF4B7A-DE1A-4619-B426-959B44E40A87} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF4499D61A3D9FF46C.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI966B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem0.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\INF\oem1.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA072.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI76E2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e587414.msi | C:\Windows\system32\msiexec.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\VirtualBox-7.0.14-161095-Win.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 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 | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\System32\MsiExec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5BFD8965-B81B-469F-8649-F717CE97A5D5}\ = "INvramStore" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{92F21DC0-44DE-1653-B717-2EBF0CA9B664}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0F7B8A22-C71F-4A36-8E5F-A77D01D76090}\ = "IGuestMonitorChangedEvent" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{890ED3DC-CC19-43FA-8EBF-BAECB6B9EC87} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D095CB0-0126-43E0-B05D-326E74ABB356}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{C354A762-3FF2-4F2E-8F09-07382EE25088}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{FA43579A-2272-47C4-A443-9713F19A902F}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\progId_VirtualBox.Shell.vbox\shell\open | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00F4A8DC-0002-4B81-0077-1DCB004571BA}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B9ACD33F-647D-45AC-8FE9-F49B3183BA37}\ = "IGuestSessionEvent" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F01F1066-F231-11EA-8EEE-33BB2AFB0B6E}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{243829CB-15B7-42A4-8664-7AA4E34993DA}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{AAC6C7CB-A371-4C58-AB51-0616896B2F2C} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{CAC21692-7997-4595-A731-3A509DB604E5}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D05C91E2-3E8A-11E9-8082-DB8AE479EF87}\ = "IForm" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{A5BBDB7D-8CE7-469F-A4C2-6476F581FF72}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{21637B0E-34B8-42D3-ACFB-7E96DAF77C22}\NumMethods\ = "14" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{243829CB-15B7-42A4-8664-7AA4E34993DA}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{334DF94A-7556-4CBC-8C04-043096B02D82}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\AppID = "{819B4D85-9CEE-493C-B6FC-64FFE759B3C9}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20479EAF-D8ED-44CF-85AC-C83A26C95A4D}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4DA2DEC7-71B2-4817-9A64-4ED12C17388E}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{726EACA9-091E-41B4-BCA6-355EFE864107}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B5DDB370-08A7-4C8F-910D-47AABD67253A}\ = "IRecordingChangedEvent" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B7FDA727-7A08-46EE-8DD8-F8D7308B519C}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{4680B2DE-8690-11E9-B83D-5719E53CF1DE}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5BBDB7D-8CE7-469F-A4C2-6476F581FF72}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAAF9016-1F04-4191-AA2F-1FAC9646AE4C}\NumMethods\ = "13" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DFA7E4F5-B4A4-44CE-85A8-127AC5EB59DC}\ = "ICPUExecutionCapChangedEvent" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{890ED3DC-CC19-43FA-8EBF-BAECB6B9EC87}\ = "IVirtualBoxSDS" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A7B4FDD8A1ED91644B6259B9444EA078\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{C39EF4D6-7532-45E8-96DA-EB5986AE76E4}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{179F8647-319C-4E7E-8150-C5837BD265F6}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CAC21692-7997-4595-A731-3A509DB604E5}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F4ADCF6-3E87-11E9-8AF2-576E84223953}\ = "IBooleanFormValue" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BB335CC-1C58-440C-BB7B-3A1397284C7B}\ = "IStorageControllerChangedEvent" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{A06FD66A-3188-4C8C-8756-1395E8CB691C} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C48F3401-4A9E-43F4-B7A7-54BD285E22F4}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\VirtualBox.VirtualBox | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3BA329DC-659C-488B-835C-4ECA7AE71C6C}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D78374E9-486E-472F-481B-969746AF2480}\ = "IGuestFileSizeChangedEvent" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DFE56449-6989-4002-80CF-3607F377D40C}\NumMethods\ = "21" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A773393-7A8C-4D57-B228-9ADE4049A81F}\NumMethods\ = "17" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DFE56449-6989-4002-80CF-3607F377D40C}\NumMethods\ = "21" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{A06253A7-DCD2-44E3-8689-9C9C4B6B6234}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5CA9E537-5A1D-43F1-6F27-6A0DB298A9A8}\NumMethods\ = "20" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BC68370C-8A02-45F3-A07D-A67AA72756AA}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.ova\Content Type = "application/x-virtualbox-ova" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{4EE3CBCB-486F-40DB-9150-DEEE3FD24189}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4EE3CBCB-486F-40DB-9150-DEEE3FD24189}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A54D9CCA-F23F-11EA-9755-EFD0F1F792D9}\NumMethods\ = "13" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BC68370C-8A02-45F3-A07D-A67AA72756AA}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C2DB178A-7485-11EC-AEC4-2FBF90681A84}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D134C6B6-4479-430D-BB73-68A452BA3E67}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3DB2AB1A-6CF7-42F1-8BF5-E1C0553E0B30}\ = "IFsInfo" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{455F8C45-44A0-A470-BA20-27890B96DBA9}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E775EA3-9070-4F9C-B0D5-53054496DBE0}\NumMethods\ = "18" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{2A88033D-82DB-4AC2-97B5-E786C839420E} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3890B2C8-604D-11E9-92D3-53CB473DB9FB}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{E8C25D4D-AC97-4C16-B3E2-81BD8A57CC27} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{6CC49055-DAD4-4496-85CF-3F76BCB3B5FA}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{966303D0-36A8-4180-8971-18650B0D1055}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{97C78FCD-D4FC-485F-8613-5AF88BFCFCDC}\ = "IVBoxSVCAvailabilityChangedEvent" | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\VirtualBox-7.0.14-161095-Win.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\VirtualBox-7.0.14-161095-Win.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\VirtualBox-7.0.14-161095-Win.exe
"C:\Users\Admin\AppData\Local\Temp\VirtualBox-7.0.14-161095-Win.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 43B99A12DC119EDE1D118709C102C5F7 C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding D9216B4A5620C4337ECDF44C71E2D69E
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding F610A3F0E4C1F8A97B273F46E8E6F622
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding E179F65A585C88F9E3FBE4B80A742F27 E Global\MSI0000
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf" "9" "48f6bcb47" "0000000000000158" "WinSta0\Default" "0000000000000168" "208" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C90AC32DFA2719CF7FEA2D5383D8DBF6 M Global\MSI0000
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf" "9" "473b17b7b" "0000000000000168" "WinSta0\Default" "000000000000013C" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf" "9" "431e52bcb" "0000000000000180" "WinSta0\Default" "000000000000013C" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a25055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 134.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| SE | 192.229.221.95:80 | csc3-2010-crl.verisign.com | tcp |
| SE | 192.229.221.95:80 | csc3-2010-crl.verisign.com | tcp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| N/A | 255.255.255.255:67 | N/A | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.56.168.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.56.168.192.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\MSIC033.tmp
| MD5 | 3e96d4bbea9f87cccdb9f1ba6d14309e |
| SHA1 | 1de6ef91b7d961ea5cbd4e23ca14174dc966b4e3 |
| SHA256 | b5cc30d5a2678bf4a8d1889e1db385bccac012156562551e6c508e0801e912ff |
| SHA512 | e25fcca4699aaeae4f0953c69b65b2ea150c0049c5cf5e4370e279617d6553461f7ce2729fce049d4118ff66c2cd3f7eb537e0fcd8249fad32ce17373cf4b9b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_683B8EA584E734D2258F215F97D5554B
| MD5 | 003ac8a88e59a77b9f5a05c3d03b01d3 |
| SHA1 | ec3a1bcba6de2121cb5ebb5c21b2733d37ca51c2 |
| SHA256 | 91d1334b3f553edc9da85ad4d241215de09484ec933dd2269a21ab86057f374d |
| SHA512 | fa8a181049ea45e15e05af472e5bcea2c1424f1b60bafe92ba0f310342c0495dee3809c6cd434fab49b3775ca997274ae0be425efd3e0f90031b6f91bade1db2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
| MD5 | 762f1cf4815715b6589cc0836b86e2fb |
| SHA1 | 1900b68eb067ed73adc803c6dff487d9f3989ebe |
| SHA256 | 5f25cc39d65660dafae0c878e4f403a36c659b1b28e1611324efe7b64d0d4a52 |
| SHA512 | bb05445ee3de7dc52ba18e37739674604704834a74b1aca629baeffe1d7077884a6f94c62b805c68729006510856dbe5aef4d607195584ca0e55fb775ec108a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_683B8EA584E734D2258F215F97D5554B
| MD5 | 5c37e151d502924317d3027d790b3494 |
| SHA1 | 63757861e09d29dfa1869a0f19bbc8eba1c44a3e |
| SHA256 | 2f92172447770bfa8b2bcbb6bffc98c72f3b10d3726b5fd05a148fddca86af30 |
| SHA512 | e0924e146a6b88686431898d1665f6cf05c9eae023102647ef02858094677e84f2097392f6050241d65accc2701ee55e7550c2f0f564a3bc718159f4500f064a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
| MD5 | 5db620292aeb2fbd25c8529ec2eb6b4c |
| SHA1 | c4400780b1d4ddcdc7fefe20bf707bc5fbbf2bea |
| SHA256 | ccca05c8bf30a3e49a786237750116c943e12a4f5355838e0bee53065f19e114 |
| SHA512 | d8da21180801c86369b3e17af147765ddde2dbd02acfa0bb962c3ee0fa7513161b334c9c22178580e06adc27e6003d906a76f5865d26b7cc55456e03be408231 |
\??\Volume{3d4fac89-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{5d0728f8-5ec2-4b46-a740-a435d4c01dcd}_OnDiskSnapshotProp
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
C:\Windows\Installer\MSI77AF.tmp
C:\Windows\Installer\MSI7B3C.tmp
C:\Windows\Installer\MSI86B8.tmp
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.inf
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.sys
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.cat
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.inf
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.cat
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.sys
C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\USB\device\VBoxUSB.cat
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\USB\device\VBoxUSB.sys
C:\Windows\System32\CatRoot2\dberr.txt
C:\Windows\System32\CatRoot2\dberr.txt
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
C:\Program Files\Oracle\VirtualBox\x86\VBoxProxyStub-x86.dll
C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\network\netadp6\VBoxNetAdp6.sys
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\network\netadp6\VBoxNetAdp6.cat
C:\Windows\System32\catroot2\dberr.txt
C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf
C:\Windows\System32\DriverStore\Temp\{0e10fb9e-bda2-594e-bae9-2015d41967f8}\VBoxNetLwf.cat
C:\Windows\System32\DriverStore\Temp\{0e10fb9e-bda2-594e-bae9-2015d41967f8}\VBoxNetLwf.sys
C:\Config.Msi\e587413.rbs