Malware Analysis Report

2025-01-03 03:00

Sample ID 241124-2e9dqayqcj
Target 4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d
SHA256 4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d
Tags
babadeda cryptbot crypter discovery loader spyware stealer
Score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
10/10

SHA256

4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d

Threat Level: Known bad

The file 4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d was found to be: Known bad.

Malicious Activity Summary

babadeda cryptbot crypter discovery loader spyware stealer

Babadeda

CryptBot

Cryptbot family

Babadeda Crypter

Babadeda family

Loads dropped DLL

Executes dropped EXE

Reads user/profile data of web browsers

Enumerates connected drives

Accesses cryptocurrency files/wallets, possible credential harvesting

Blocklisted process makes network request

Checks installed software on the system

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies system certificate store

Delays execution with timeout.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-24 22:30

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-24 22:30

Reported

2024-11-24 22:33

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe"

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Babadeda family

babadeda

CryptBot

spyware stealer cryptbot

Cryptbot family

cryptbot

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\SourceHash{CD23C16F-6841-4E3A-A1E5-0CD7B95502B3} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e578ec3.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8F7E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI900C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI909A.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI957F.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e578ec3.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI905B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI90F9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9139.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2292 wrote to memory of 2844 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2292 wrote to memory of 2844 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2292 wrote to memory of 2844 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 5004 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe C:\Windows\SysWOW64\msiexec.exe
PID 5004 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe C:\Windows\SysWOW64\msiexec.exe
PID 5004 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe C:\Windows\SysWOW64\msiexec.exe
PID 2292 wrote to memory of 2888 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2292 wrote to memory of 2888 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2292 wrote to memory of 2888 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2292 wrote to memory of 3840 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe
PID 2292 wrote to memory of 3840 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe
PID 2292 wrote to memory of 3840 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe

"C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 51596BC4E541C72F855937A0F27E9DE1 C

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\adv1.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1732246839 " AI_EUIMSI=""

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 535FC8039382584E070F0C428B16C9A2

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe

"C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 68.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 veoxjo24.top udp
US 8.8.8.8:53 veoxjo24.top udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 veoxjo24.top udp
US 8.8.8.8:53 veoxjo24.top udp
US 8.8.8.8:53 veoxjo24.top udp
US 8.8.8.8:53 veoxjo24.top udp
US 8.8.8.8:53 veoxjo24.top udp
US 8.8.8.8:53 veoxjo24.top udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 veoxjo24.top udp
US 8.8.8.8:53 veoxjo24.top udp
US 8.8.8.8:53 veoxjo24.top udp
US 8.8.8.8:53 veoxjo24.top udp
US 8.8.8.8:53 veoxjo24.top udp
US 8.8.8.8:53 veoxjo24.top udp
US 8.8.8.8:53 veoxjo24.top udp
US 8.8.8.8:53 veoxjo24.top udp

Files

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\decoder.dll

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\adv1.msi

C:\Users\Admin\AppData\Local\Temp\MSI8C91.tmp

C:\Users\Admin\AppData\Local\Temp\MSI8D0F.tmp

C:\Windows\Installer\MSI9139.tmp

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\qwebpdV2.dll

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\bsconsole.exe

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\ugof

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logohelp.chm

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Qt5TextToSpeech.dll

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\UCBLogo\DOCSETUP.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\gensym

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\libEGL.dll

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\fmslogo.bmp

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\sort

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\SOUNDS.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\edpls

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\SHAPES.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\turtle.bmp

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DSTEPS.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\SHUTTLE.LGO

MD5 ba4b027fb49d27471ee578dc93d5296b
SHA1 d9fdd8bed9931dcdb2d3f3056cbd5286d903c6ac
SHA256 0d4839f083cf2037256048560fb3979113f2948941d580158dde559429491ebd
SHA512 65bb4b4fe447c5c86bde7d4e85b524cee9e707c0ab10f07df189fdddb844a1fa83cc29aadd0c99028d71a17a6158ae6b3104ae1cd4a01cad60ae0daf84efff0c

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CARMASK.BMP

MD5 afe2ac27f1ae91549f64971d1ba81e1c
SHA1 a717af1a26506bf440d8ade244e12b9283b2b7bc
SHA256 c889fe2430b247aa02e7a101360002b88151cfef4df3a99116c22ee80040db0d
SHA512 15f45e1a6743fd2d6b2ae06840466e20efa3018e659f3af65bec14ae372f42adc9ac81e5745c38ad7ae40d6c033d087d82699975afc482d89e441b772ed4703a

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\LICENSE.TXT

MD5 cab5d95bb20bd0f36241edd276851797
SHA1 31848479ee67d58a013f018bc165ce1674166c3f
SHA256 4cba25dfea9f5cf0454c4cfee27091740f8e556196330c010d1fbe35235dc59e
SHA512 c73db59553c69cf1d0cc1e945b2dfe38c59781c1d638bd8e044493732f255cb5f5b992a9db06086853608d81d7572f716922aa6a9042cf99ab1fc38c579ba478

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\README.TXT

MD5 2f271a2d2d92de5579f58b32f59993b2
SHA1 7582831fc25e3ce9c327706fd6d27f8a19e7abb0
SHA256 c3ffeaf3b4ee2c949c398e65dfeed95f8ef56da140b9a132c6d12d93d83dde2d
SHA512 7a0535c46553e39b507a994186b48c4d110296488306d6756fd42489dee5d317c238f725e44f167bb3f993d04fef996bad9956b40e86f42cd02b6de53b229681

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\erps

MD5 3a9773d3c628a26efb158de5db1ef67e
SHA1 61e7b83995bf00c0cb8a506f31be47f31b257ef7
SHA256 f19570aa8b73e09307ca290ae4c13d644ce3d2a64c72681b673901e189bd619f
SHA512 f2bd8130f987da979fafaa956cd4b42e62312014df8f363f7f1c229143f5e357b48e0798a8b592b506359f1c723ab37aa272a40debbe882c7741d96c5c12a6e1

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\ICOSAHED.LGO

MD5 1a52a14106fd3e659d3f960f7cf45ab5
SHA1 72e840e28848c0e0ea0c60eae20bfd775043c8e3
SHA256 9caf0a5e3ea51b7125a67fc6a8acfc21aecce0bb35746bb57c0abca8e9c801fa
SHA512 e2d81e0d9f9f9199296a097e859859227e31063110568221deae5a6651378a45920915a57b6c84c64e1ea497fa59621d0491133d05525b46796735f50bfc6a0a

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CLOCK.LGO

MD5 c4acddb7dacd73b0a509fc54e9c607bb
SHA1 9f1e79be02b00a5eea5d615094eda6ffc4a45af0
SHA256 070086e62f194b7de43c7145508c1e68b8081d7c8393a43e4c49d6e5a147143d
SHA512 e21ec056a9952a441ba571db14d681274b1384e6dd10299d193223516f6ffea9bcc31c3bc114bc9cea8e71c9ce15fc483e7d51ca0295e8d3cd02aa81838ddb17

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\popls

MD5 b2055b58a8ff5e036ef3c7a26294b6fe
SHA1 e7c23b4c2f5025ddd5da319a0c0d08f4cbc46709
SHA256 b17b51b97e24131d63315f1c7c07923ea698ec7609f023fa3d51f7a7aa2c0c64
SHA512 13ddb6c0d53107514b785141cd50d4baf9f928301f1b509f2e9c664948223c8f2c59157bddc107c41354f7711c26d8928e2fb23ca80719417ae3ad777261c997

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\PAINT.LGO

MD5 ac8a45e9af464471cb24ae03f6a013eb
SHA1 7e5d6fbc7f8a2e602400d5b5cea72340604c26f9
SHA256 f6233aa2a13cd8a69a0121b10a4980263b697dde777db0019117d2f7d0ba5405
SHA512 6b2c9097af60cc08f54c783852a272eb29956a86b6e215f8d7d245054dc309126a49c5561aaa06e1ca439d2dd8461d516660f79381cfa15116feb80f89d07c1a

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DSIMPLE.LGO

MD5 77eae74dd7bd2ca9982bd2f12adff615
SHA1 9c82d2fadc1ead2cd0848a261b1430b49f806e79
SHA256 4018202e5192fdf1e92a2d4784b884af3c9f27409cabe16a8f1b8803df599ccf
SHA512 0d2c268994584fa15c88e54f7c673349ee259f006a40b69098b673d28ecaca6042840b98198015b80cfd61b106b2585ff05f47e6c470b4e8a2aa6cd967a6ffe2

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\erpls

MD5 e2f61a3e179e96b2552d68472b157f98
SHA1 1502e4db6d4607e3bf01b7c4a5a40aa939bb83d7
SHA256 bf31c8a529c1109938b70ad0b2098f47b1a225eb09d76c0a83a4fd01ae0cad3e
SHA512 e255b2a8fed46adad6d50718606a647349de28c61655b256c038e7b524ecb9ade6f17afb6602f637e6fd8477d0ffe0921e50bed0f7db0203b9cba7794ddd5e49

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\for

MD5 5a85db59e054e34f5460cbdf9b57d3dd
SHA1 d56cd71b96f08a94b71844ed4c155f205077cc04
SHA256 84a2d29f34c06aaebaf99eb1ba408079657792f6996f07bcdffafe8ceb17336a
SHA512 890c70d61a10d1aea85e5e978d0fb6c18c8ff47223caaa28d0b8de4f4f40657a13009c8f664893d974a5be8e12a7337ed2a8dafffe5985d87bfe9daf4921c9ca

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\HANOI.LGO

MD5 a21687bf228a38528aa1963d2c8a78e3
SHA1 c816e2c99e20f2a79ec0ce9a8e0e9f3c05c9af13
SHA256 288699cdfee3880ca1ad2056e1cf4a2217a9d684005c5c690a6594f3d54709ae
SHA512 1802a7ab95a54fd17c11e2214da5c671618994fcba3efe2e4d366c59e8941a592f845c9f71826d266b15062554e6a32fd207ec09cea14e7bf12fa66966bff887

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\CHECKER.LGO

MD5 829044c299c931e3773faa5340869b2d
SHA1 4a88dbf1901bba3b5d8b4cf2bb7c66998add9a58
SHA256 2cf7197f40b2cdb9b381975690f664a305696a1e84b56202364321b009e5eb54
SHA512 65bc42f88c69b1539ffac2d34a45efa98b8b684c3a35643f779a1176d3a0095ff15ce51d816b314b35c6ad73c3e59a47b9601947f0db96f772a1f7a405fa0c37

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\demo

MD5 8d9a244c414e9b9ba1bfe71666f7ead8
SHA1 66a250b57064d290b0aa73e33e4e02acdd416b4e
SHA256 a17348301387f93f0b95f6adb5c38c44ffd46e57c82bab3aee08425bcf6b2e82
SHA512 001511a731a5997e50f9a847fef2a9a4ddd095a3872fb0f1aa66daaf546182e4f733377adeec421956d5378923570da016092a8cb3703c2c4e4953cacd02089e

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\ECHO.LGO

MD5 4ce0cb03e9b2e5707843f40f051c7e2a
SHA1 cf264b2656cb5515edd4728cbd3800aac335fa9d
SHA256 de0662b380865e9a1986d583c3279f1daa806db77d8a51061e9ceb9fa4c1dc04
SHA512 94d09dc730eba52110824cc46560172dde98bcd8cb8065637868baf9f9c11929ab7d847eaa4588f0f72c717d95d0bb9841eeca18c0ed06f1fef06bc12041e8bb

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\VIDEO.LGO

MD5 41e2e2486bed7aa9f30ba50886dc7091
SHA1 b30e92ef28ad24604eb52f8c3dcfb86e6a155285
SHA256 1d8bb0715855870c869995e6f118cc8cbca85e777491a8dc343707e1b85d1714
SHA512 ac1ce071612fe55a41c57ca0b26ecfd5db2f694be7c0ab0cf87a75b9696003717907c3c73cc66c1d60808182823f5c59cade7595b9f04d7f93c98ee407a84a0b

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\#

MD5 f0a82f611f562197355d1d8b19de1fcb
SHA1 6cc0f96476fa9cf1f92e8d6dbdc3932d2c65c3f3
SHA256 ec9546682cb6e9f0cd51acf4e40a21d7e37cc5bf511718bf77857d82839eda5c
SHA512 fd4a2e5319ff95712bb663095d3989a21d2291aab1a80fe6edebe3178e6ad919fe3b42005a476f50d823c2224ecfbf5e3a569d360d5f9328cca5d61a999a0ef4

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Windows\CALC.LGO

MD5 038f7f7c01d85f43fb2db6e7fdd2f0aa
SHA1 96c34836eb5885f55808c52d4faf5c255d7d97a7
SHA256 4d5927b1336479d0c0fb6974e74574fc55fab91292d19ffe1ecc4fac490daf6d
SHA512 9b92d33e545f7a8d3e89b82483c8dd10c833e62bfd4c0986ce1542dd6376a3a1fa258863631d2921b80cbb955a596ced85c20fc838449961937a6638c9cffcac

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\UCBLogo\ALGS.LGO

MD5 6adc19d9f3ffdefd4853fcc2cb7a7b7d
SHA1 0f245efb8ba7286b63caccd559b602beda8957ae
SHA256 4299e80f6ad590041c422c0927200b3effd2bb0a1bd186b25c5277e93c5d1ca6
SHA512 fa941a5a93f34dacd4f624918041ccd9ee43f94ef51f4dc9d25b4165af33594e1fcd6dcd85426c207a8c97bf9916c5ff9976bf1f0988790c268cdb5ec221c7e4

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Pascal\CARDS.PAS

MD5 b5e99669b838116e212ff4cdc97550ad
SHA1 2642129e6ca9263e465908ad3f2164442a5ec3b4
SHA256 9df2836c574e5597fde9decf6e626f3dfab36cb8e286a67ccc269a085f2263df
SHA512 465f0a13ec509c018894e2b0ce02bfe04c7458d4a4b398da8899a96fd02a61a5703764eafa4148d06b99263bdc8fa190d5fbf30b333be2954d5ac821f26ad281

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Network\NETLOCAL.LGO

MD5 886a6ec4c437b9d71c061c0b95f4fd40
SHA1 9e601bb54017a9a24df60b6c5709b86321fbdd60
SHA256 04ebc67ede85c171148c4a41c19ddfaf64a8342c6d10aaf97a3b7dc8da08ae76
SHA512 b2ee5ac1a59e3003469435b1138e7d2b64f0cee50eb7c7f1e47daec9d6d222b5c38f8ee0e482865d2845ef3bddeb0b0c525121f5a7bd1386360363529190f023

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\CDROM.LGO

MD5 b7e032a03eca04ab9a57cd9378c2daea
SHA1 9819866aa84e9f69ac1cf244306e4055c20376c2
SHA256 4dac6972d0437a91f0e8d122c2d5a3b3dbd7ea7cae44ba30a210b948b7bc8082
SHA512 1ce2cd639efb2ac6ad6dbff9ca895485fd67d27b0497973003957769c4a9167288816d21c61af047500caf7f16cc0822a3b7d6b6c44a76ca64fd12d95e0d1544

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CAR.BMP

MD5 5fc366b3371bde5c769a8c5b9d0ff966
SHA1 124f3a48111e1adba8cbee101655d6bf438c9129
SHA256 4b0231a2577be467d7d37612b75e38d6e944b7ba757f7fe1c36b697e0fc5ee46
SHA512 e78445e2e70e7ffe3100ff91f5c388817b3cec3964e58ea3e5f415e221c88faf421712d363edcb954ec32d929f6c9e7e3da9e8fed0877e2516312afc5fa585b3

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\index.html

MD5 6e86736d64a4522b490c716cde97a8bc
SHA1 e48de1ddecfc842bbb8924c1023029ec21f838f6
SHA256 26d4e150e3fcb0b881d9cadf4adfc1aa369ca96e16b46c6935b7903d3916c04e
SHA512 67fe43cacf04a4844c4b11580ca549f4cb7fff160f32be5cd8d8449a6c47775f91a78b6503802615a5fc7e450358bfc53d486a07d302099fc73f8d67fa2b9804

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DBITMAP.LGO

MD5 c7eb72cbf51334c39e297403a6e00e5c
SHA1 eb8e6b0b81888da182730c055ad228907c0e49b1
SHA256 f29fc7faf7d4bb8797367c5ab027c797c2af33edcf081efa9daa7a7e7bd9ee0f
SHA512 f6e79a3e723baeba11b21694d5177d8211510ac69e770f9f05553094c681e91613c2e6687da1b253a72d9e242c9975c25d62b3493fc070a1fdecd41cf3bd02f2

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\icuin30.dll

MD5 3204dadc26ec04db0fadfc9adf914513
SHA1 fc4bf25277ce523b235b09eead166b05081cc943
SHA256 195a654a1bcd29d42543c870b72861fe07558c347426931b0e9e18defb445406
SHA512 7c271459281bb6fe596431ce1f4e48d95e6d58dac286f475700bbe5e48feed53cb0bab387e66b827334f8672ac502dc77655e9020f2db174d6a62e1bfc738d96

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\libwinpthread-1.dll

MD5 db18b7ec5f93127e6099744ea9568c1b
SHA1 e9143c76e308a816837e2f1a19dd0c5e2306ed08
SHA256 5bbef249a0d00e2d32c699d0bbe89f714ebeb872b3990a5cbeccb1d89f63e5e8
SHA512 ee1e645bed0bc3ad9e959d6342153e608ad21a7f5aef60b4cd8cc96fde7aeec4bbbb7474b59cab8ced8f28dc9f66cab32f4825333c891524901dcc40e70a1580

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\libgcc_s_seh-1.dll

MD5 534b365361004828059600f05b34006d
SHA1 d8ff411b0939a021f47c845c6a90f1240bab5268
SHA256 438ae82ffd621a2413199155574cc85681f8986f05420b1485aa4be936c3bc0b
SHA512 1ccb3732a82f2fedca85c27afdd48e65dde70d5b1620e436d457624a2cb796887c5e7dc2983a0794ebbbcade3e5b9f9fc9320b390894471993c7b1e85268592d

memory/3840-491-0x0000000000D60000-0x00000000010FB000-memory.dmp

C:\Config.Msi\e578ec6.rbs

MD5 97c96a92511cb735167c88e61e23e10e
SHA1 5442a97b449c3107b54a143dda4df3e24245b117
SHA256 6a4d49075923d3419459cdae6a294b33cbe4c761ada84f0434122c1e6dfb963f
SHA512 d0bcb807cc9528f2b4c08d976f2007080325607e9a2ef8d94cc30ea5af060ead0def4162345f99ef9b666fb40c382e5037f6344c01b9472b6d0508d41c52088f

C:\Users\Admin\AppData\Local\Temp\DEvpHRdjBk\_Files\_Screen_Desktop.jpeg

MD5 46f02bed57104629b1878182dbf1c29b
SHA1 6cc7fa702dbd13656d0d434360171161c851bbfb
SHA256 a19a593efb7fc640e48ae80400bd4caadf9e2234a29427d425028f09a276465f
SHA512 7ac6138e317355b33afc48dec5e3ca788d8d11a69fad84811436ee70da6621834fb8e7246e54f06df2cc9cae2dba051d126b48bcba17b7d99cde3d379191f90d

C:\Users\Admin\AppData\Local\Temp\DEvpHRdjBk\_Files\_Information.txt

MD5 cce09e90a634fe19c2710c13f1da065d
SHA1 f0ef5b1ea557ce8d311f426c3e74b532b38fcde9
SHA256 6670c43bac9d54c43ace4c91b5e85f8fc086adcf656d96df0db5f1aa5bda94dc
SHA512 d8af52dcd45303787085e3d9c9a09018fb9fb01fd126391102b56866a752f485af0a171ad147d02793ef47c43ed6966bfb064d634ffba08e9613f382572cacb0

C:\Users\Admin\AppData\Local\Temp\DEvpHRdjBk\_Files\_Information.txt

MD5 1eecdc8d94793f937ce91034d358aa97
SHA1 901fce7538e7755225a91048e50c7d05ddd9c430
SHA256 39aacfb2e37e43709bc260fb2e256a956c6db16192890c4582b99eda7cb5b469
SHA512 3d240b8330c8e35fe7cb179a2764529b98d3eb685e0cace0315d4df58708e84a611d406c84fe18e3e2dfe8131001c256d5bcd8b8e3277e0eae2c5ec9810219c9

C:\Users\Admin\AppData\Local\Temp\DEvpHRdjBk\qcIEcsRmokPqR.zip

MD5 3812487babd5e3faa1be606d1a4e5238
SHA1 768c671843afe3e1c51938a37a251ab54e9f989e
SHA256 6ba9ecc048250aaee479c49a77df4b7857d2e857f427c11690c8800ce95cb6bd
SHA512 eb7801ae78ed8a6bd85ad75dea039d22514d629c38de5066334e6fa60af255bbb3e21100ab8d8b17943c1864803e05565cf4be3bf7d91e2b82360b0fa6dcd857

memory/3840-623-0x0000000000D60000-0x00000000010FB000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-24 22:30

Reported

2024-11-24 22:33

Platform

win7-20241010-en

Max time kernel

73s

Max time network

80s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe"

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Babadeda family

babadeda

CryptBot

spyware stealer cryptbot

Cryptbot family

cryptbot

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSID5FA.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID8DA.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f77c4c8.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID6F4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID7D0.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77c4c8.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE431.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77c4c5.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f77c4c5.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID482.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 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 C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 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 C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A 2

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 2928 wrote to memory of 1968 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe 7
PID 1736 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe C:\Windows\SysWOW64\msiexec.exe 7
PID 2928 wrote to memory of 1348 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe 7
PID 2928 wrote to memory of 536 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe 4
PID 536 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe C:\Windows\SysWOW64\cmd.exe 4
PID 2952 wrote to memory of 3048 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe 4

Processes

C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe

"C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F347D0BBE9DCDE33CF4D0EE6A46E5257 C

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\adv1.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1732227962 " AI_EUIMSI=""

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A305A7B2C0245F2795850FC143245C32

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe

"C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c rd /s /q C:\Users\Admin\AppData\Local\Temp\WhHNlxqrjoJZ & timeout 4 & del /f /q "C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe"

C:\Windows\SysWOW64\timeout.exe

timeout 4
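
Added detection example (not code from the sandbox, the report, or the sample; written for this report). It replays the process chain in the Processes and WriteProcessMemory tables above as constructed process-creation events and runs three checks: it parses the properties the EXE bootstrapper hands to msiexec /i (AI_SETUPEXEPATH and SETUPEXEDIR point back at the dropper, EXE_CMD_LINE carries the dropper's own switches), it flags executables that the Windows Installer service spawns from a user-writable directory, and it flags the cmd.exe /c chain that waits with timeout and then deletes the image of the process that launched it. Two details from the tables matter when writing such rules: the parent of bsconsole.exe (PID 536) is the service instance msiexec /V (PID 2928), not the user's msiexec /i (PID 1192), so a rule keyed on the /i switch misses the custom-action launch; and the image paths read SysWOW64 while the command lines say system32, because a 32-bit parent's launches go through WoW64 file-system redirection, so match on the resolved image rather than the command-line text. The PIDs are the ones in the WriteProcessMemory table; the parent PIDs 1000 and 800 given to the dropper and the service are placeholders the report does not supply.

```python
# Added example (not sandbox or report code): the process chain from the Processes and
# WriteProcessMemory tables, replayed as constructed events through three detection checks.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str    # image as the OS resolved it (SysWOW64 after WoW64 redirection)
    cmdline: str  # command line as the parent wrote it (may still say system32)


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe"
MSI = r"C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\adv1.msi"
DROPPED = r"C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe"
STAGING = r"C:\Users\Admin\AppData\Local\Temp\WhHNlxqrjoJZ"

# PIDs as in the WriteProcessMemory table; ppids 1000 (explorer) and 800 (services) are placeholders.
EVENTS: List[ProcEvent] = [
    ProcEvent(1736, 1000, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(1192, 1736, r"C:\Windows\SysWOW64\msiexec.exe",
              f'"C:\\Windows\\system32\\msiexec.exe" /i "{MSI}" AI_SETUPEXEPATH={SAMPLE} '
              r"SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ "
              'EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1732227962 " AI_EUIMSI=""'),
    ProcEvent(2928, 800, r"C:\Windows\system32\msiexec.exe", r"C:\Windows\system32\msiexec.exe /V"),
    ProcEvent(1968, 2928, r"C:\Windows\syswow64\MsiExec.exe",
              r"C:\Windows\syswow64\MsiExec.exe -Embedding F347D0BBE9DCDE33CF4D0EE6A46E5257 C"),
    ProcEvent(1348, 2928, r"C:\Windows\syswow64\MsiExec.exe",
              r"C:\Windows\syswow64\MsiExec.exe -Embedding A305A7B2C0245F2795850FC143245C32"),
    ProcEvent(536, 2928, DROPPED, f'"{DROPPED}"'),
    ProcEvent(2952, 536, r"C:\Windows\SysWOW64\cmd.exe",
              f'"C:\\Windows\\system32\\cmd.exe" /c rd /s /q {STAGING} & timeout 4 & del /f /q "{DROPPED}"'),
    ProcEvent(3048, 2952, r"C:\Windows\SysWOW64\timeout.exe", "timeout 4"),
]

_MSIEXEC = re.compile(r"\\msiexec\.exe$", re.I)
_USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|ProgramData|Users\\Public)\\", re.I)
_PROP = re.compile(r'\b([A-Z_][A-Z0-9_]*)=(?:"([^"]*)"|(\S*))')  # KEY=VALUE or KEY="VALUE"
_CMD_OP = re.compile(r'^(?P<verb>del|erase|rd|rmdir)\s+(?:/\w\s+)*"?(?P<path>[^"]+?)"?\s*$', re.I)


def msi_install_properties(ev: ProcEvent) -> Optional[Dict[str, str]]:
    # Public properties of 'msiexec /i <pkg> KEY=VALUE ...'; the package path goes under '__package__'.
    if not _MSIEXEC.search(ev.image):
        return None
    m = re.search(r'\s/i\s+(?:"([^"]+)"|(\S+))', ev.cmdline, re.I)
    if not m:
        return None
    props = {"__package__": m.group(1) or m.group(2)}
    for key, quoted, bare in _PROP.findall(ev.cmdline[m.end():]):
        props[key] = quoted or bare  # both are '' for KEY=""
    return props


def installer_spawned_from_user_dir(events: List[ProcEvent]) -> List[ProcEvent]:
    # Children of any msiexec.exe (the /V service instance launches custom actions) under a user-writable path.
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if (parent and _MSIEXEC.search(parent.image) and not _MSIEXEC.search(e.image)
                and _USER_WRITABLE.search(e.image)):
            hits.append(e)
    return hits


@dataclass(frozen=True)
class CleanupChain:
    pid: int
    deleted: Tuple[str, ...]
    removed_dirs: Tuple[str, ...]
    deletes_parent: bool  # a del target is the image of the process that spawned cmd.exe
    delayed: bool         # timeout/ping in the chain: waits for that parent to exit first


def cleanup_chains(events: List[ProcEvent]) -> List[CleanupChain]:
    # 'cmd.exe /c ... & del ...' chains. Splits on '&' only; a path containing '&' would break it.
    by_pid = {e.pid: e for e in events}
    out = []
    for e in events:
        parts = re.split(r"\s/c\s+", e.cmdline, maxsplit=1, flags=re.I)
        if not re.search(r"\\cmd\.exe$", e.image, re.I) or len(parts) != 2:
            continue
        deleted, rmdirs = [], []
        for seg in parts[1].split("&"):
            m = _CMD_OP.match(seg.strip())
            if m:
                (deleted if m.group("verb").lower() in ("del", "erase") else rmdirs).append(m.group("path"))
        if deleted or rmdirs:
            parent = by_pid.get(e.ppid)
            out.append(CleanupChain(
                e.pid, tuple(deleted), tuple(rmdirs),
                parent is not None and any(parent.image.lower() == d.lower() for d in deleted),
                bool(re.search(r"\b(?:timeout|ping)\b", parts[1], re.I))))
    return out
```

Run against EVENTS, msi_install_properties picks out only PID 1192 and returns the package path plus the four AI_/SETUP properties, installer_spawned_from_user_dir returns only bsconsole.exe (PID 536, parent 2928), and cleanup_chains returns one chain for PID 2952 whose del target equals its parent's image, with the timeout delay and the rd of the Temp staging directory recorded. The '&' splitting and the KEY=VALUE regex are deliberately simple; they cover this sample's command lines, not every quoting form cmd.exe accepts.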

Network

Files

\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\decoder.dll

MD5 454418ebd68a4e905dc2b9b2e5e1b28c
SHA1 a54cb6a80d9b95451e2224b6d95de809c12c9957
SHA256 73d5f96a6a30bbd42752bffc7f20db61c8422579bf8a53741488be34b73e1409
SHA512 171f85d6f6c44acc90d80ba4e6220d747e1f4ff4c49a6e8121738e8260f4fceb01ff2c97172f8a3b20e40e6f6ed29a0397d0c6e5870a9ebff7b7fb6faf20c647

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\adv1.msi

MD5 68f6c681ccc9cefd9642fef8b5cd75b2
SHA1 d2002a07e362813e3866378f78b880cf168002da
SHA256 4ac28d03135f3f09894c9f5b32931df8d490159f9b4d9d9e68ff249d4f9be739
SHA512 39985b0c3d3350d576936b7d4f77d653ee93de68643e9dd27d40bef8d8a5aa545e8b9d7b839659206bcf0940436a3baa540a05a1281bc95dc56acf71193cbed5

C:\Users\Admin\AppData\Local\Temp\CabA575.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarA5B6.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\MSIB92E.tmp

MD5 3d24a2af1fb93f9960a17d6394484802
SHA1 ee74a6ceea0853c47e12802961a7a8869f7f0d69
SHA256 8d23754e6b8bb933d79861540b50deca42e33ac4c3a6669c99fb368913b66d88
SHA512 f6a19d00896a63debb9ee7cdd71a92c0a3089b6f4c44976b9c30d97fcbaacd74a8d56150be518314fac74dd3ebea2001dc3859b0f3e4e467a01721b29f6227ba

C:\Users\Admin\AppData\Local\Temp\MSIBAE4.tmp

MD5 0be6e02d01013e6140e38571a4da2545
SHA1 9149608d60ca5941010e33e01d4fdc7b6c791bea
SHA256 3c5db91ef77b947a0924675fc1ec647d6512287aa891040b6ade3663aa1fd3a3
SHA512 f419a5a95f7440623edb6400f9adbfb9ba987a65f3b47996a8bb374d89ff53e8638357285485142f76758bffcb9520771e38e193d89c82c3a9733ed98ae24fcb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3dc3214901d67080bc9667db76ef52dc
SHA1 629fecab0b24cad3b6481206581c4aab4c5ef2a6
SHA256 8cd546967c09be011b5e83afe3123ede0b2680b8607a93d57cf97af144d33cbd
SHA512 4a8cc2798d4f4e1d45fa368ca21f85d88af24103cb2870c5c2078ff30690596559e3ed49282fc42b42c78946f154f2f750be9e5a12b9ceaa43fb68b1086ed752

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0888dad13643be2a6abc481bfa93103
SHA1 3c8e042df9e61fab6b70d03aa0004a4cc493cd3b
SHA256 4d8e251e8eb6833ca454284bfa46e9e12df22d8452fb14deba23668f48a52703
SHA512 fecfbd0d03822913f81676fa64acd66acc0ce0314949db9d707f86d8a372ef7ea0653f352a7f29f819e31b58997baeb88c2f18c956524ece20c9169ab941f2f1

C:\Windows\Installer\MSID8DA.tmp

MD5 2a6c81882b2db41f634b48416c8c8450
SHA1 f36f3a30a43d4b6ee4be4ea3760587056428cac6
SHA256 245d57afb74796e0a0b0a68d6a81be407c7617ec6789840a50f080542dace805
SHA512 e9ef1154e856d45c5c37f08cf466a4b10dee6cf71da47dd740f2247a7eb8216524d5b37ff06bb2372c31f6b15c38101c19a1cf7185af12a17083207208c6ccbd

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\qwebpdV2.dll

MD5 9cd67695fcba8780d389442ff8ad43d2
SHA1 2cb7fee581066294516041bcaa3bd0bb9917210b
SHA256 c4a78c680a0df3be0a07fa45cdfe1cf1b632bf5b6b8772444174ad9ee41ce455
SHA512 0a8f47e5bad81bd0da064ee602a5ec162abdd537d6fa625bd6f4c52cb84224e86079ff1adb4133999b76356a9d185d4ad2ed906cf83134affca57cc71bd39aa1

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\bsconsole.exe

MD5 862bdeb6127c708986b3f35fbb3c0358
SHA1 9da8fb4ede3495782db44a3b66bf82caeaa95a2d
SHA256 dc0bea0732c39b709ae477630b359321bc46b6b039b9d47b79711c85230aea4d
SHA512 ff01cb7ac8e34766b05dc231a5b1d5c2ef05cdb91466638b443abd61be2a582e9c8319fad38f26a74e9baf773710eef3a9bdc81ff2afe2580e6ef5cb5b716950

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\ugof

MD5 f7974c955a850c79b7d051450bbde204
SHA1 c3e444061f92cda6ea172f1d16512dc6895d3d3c
SHA256 a09a6ee7aa2cb89841d2b6e7b8c616f72eae5ca410098638d690a56cc567c78e
SHA512 a9f512d26fd27337284f74b116e728096bf9348f65ee2658c6d7ff4ee08846b6619d879275c144dfc4dfffb6e587ea981ebc0c857172e4de3f68900f82110f61

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logohelp.chm

MD5 4498d1584997d8ee7626b51f23bccdd1
SHA1 707c0b366848b51a16be5b858d021d1f687a4a6e
SHA256 1d8254bc535746478c18de7613731fbc87c5754126d260c40888d38c56007f81
SHA512 4cbb7f9191a39d5de8a8dedc054db71695fd54c292eb5a33657efd4483e6276427f076e9c9d49045282829dad57f04e07364532ed8bf96c3c55747ab66bc867f

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\README.TXT

MD5 2f271a2d2d92de5579f58b32f59993b2
SHA1 7582831fc25e3ce9c327706fd6d27f8a19e7abb0
SHA256 c3ffeaf3b4ee2c949c398e65dfeed95f8ef56da140b9a132c6d12d93d83dde2d
SHA512 7a0535c46553e39b507a994186b48c4d110296488306d6756fd42489dee5d317c238f725e44f167bb3f993d04fef996bad9956b40e86f42cd02b6de53b229681

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Qt5TextToSpeech.dll

MD5 99f5b275115a749309c0febb2c553a2a
SHA1 c3383e554c5c8d66ab1656603ff4f6d23568a520
SHA256 f4f008cec54534178cfd7164871adf4962c269e2b44d22491c580d2d589358ae
SHA512 f80ad1e94ae58ac5404e8a548200ec01e4941dd2460fa470fb6508c2d9a036d7d12f4547731999bd7dfa7ecd8b4bdf8a6ee4ad3d32ff07e39f6fb99ce1cb1f69

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\LICENSE.TXT

MD5 cab5d95bb20bd0f36241edd276851797
SHA1 31848479ee67d58a013f018bc165ce1674166c3f
SHA256 4cba25dfea9f5cf0454c4cfee27091740f8e556196330c010d1fbe35235dc59e
SHA512 c73db59553c69cf1d0cc1e945b2dfe38c59781c1d638bd8e044493732f255cb5f5b992a9db06086853608d81d7572f716922aa6a9042cf99ab1fc38c579ba478

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\icuin30.dll

MD5 3204dadc26ec04db0fadfc9adf914513
SHA1 fc4bf25277ce523b235b09eead166b05081cc943
SHA256 195a654a1bcd29d42543c870b72861fe07558c347426931b0e9e18defb445406
SHA512 7c271459281bb6fe596431ce1f4e48d95e6d58dac286f475700bbe5e48feed53cb0bab387e66b827334f8672ac502dc77655e9020f2db174d6a62e1bfc738d96

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\libwinpthread-1.dll

MD5 db18b7ec5f93127e6099744ea9568c1b
SHA1 e9143c76e308a816837e2f1a19dd0c5e2306ed08
SHA256 5bbef249a0d00e2d32c699d0bbe89f714ebeb872b3990a5cbeccb1d89f63e5e8
SHA512 ee1e645bed0bc3ad9e959d6342153e608ad21a7f5aef60b4cd8cc96fde7aeec4bbbb7474b59cab8ced8f28dc9f66cab32f4825333c891524901dcc40e70a1580

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\libgcc_s_seh-1.dll

MD5 534b365361004828059600f05b34006d
SHA1 d8ff411b0939a021f47c845c6a90f1240bab5268
SHA256 438ae82ffd621a2413199155574cc85681f8986f05420b1485aa4be936c3bc0b
SHA512 1ccb3732a82f2fedca85c27afdd48e65dde70d5b1620e436d457624a2cb796887c5e7dc2983a0794ebbbcade3e5b9f9fc9320b390894471993c7b1e85268592d

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\turtle.bmp

MD5 8e5bc954263e6706359c06686159d143
SHA1 b5cdbfb8d0f200b580116404c6b6433b4df2c9d0
SHA256 bae9f06df713100360694f784164649e9595636e7a0ada30177152db0c1a584c
SHA512 66716ad105a16796ba27c40098e8bc2639107c858f97c743194a1a2b0076a3ab444547de1c2bd3b3f3923b1d9ce78364ed37a1af49adf297a1ecb33ac37c38dc

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\libEGL.dll

MD5 2874582e39562af961a6d1c59447459c
SHA1 3cf7d154637aac69913b1f549938a21c7c4b16ba
SHA256 b1070d55627c2899d5928eff2f2e3187537162e93e189458fadd7ccfd6a2ca3d
SHA512 eeca63a7020346bda9a399b83f4e57b6b54bbb222c4a3cf7191ab7fe0271f6473bcc58f0e60ce5f7d5cbd57298b858ffa042b62ed9a9be0806e08e4c6f5c7091

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DBITMAP.LGO

MD5 c7eb72cbf51334c39e297403a6e00e5c
SHA1 eb8e6b0b81888da182730c055ad228907c0e49b1
SHA256 f29fc7faf7d4bb8797367c5ab027c797c2af33edcf081efa9daa7a7e7bd9ee0f
SHA512 f6e79a3e723baeba11b21694d5177d8211510ac69e770f9f05553094c681e91613c2e6687da1b253a72d9e242c9975c25d62b3493fc070a1fdecd41cf3bd02f2

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DSTEPS.LGO

MD5 8bb174bb497395b6d679af159b75e9b1
SHA1 6e286d495c5720c6c236f2d521e4baa7affd09ed
SHA256 520cb66f51f5822ab2c164fd23badf8879f3c22f63706a9875b4f3d87db0919c
SHA512 6ab2ec5c91442c6ba0412d6d66b65f274fee303a053f883ca934bb8791c18871c239347967c1ccaaf56724aa1115a39257deebfacf70abc7ce7d8c6ac715122c

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DSIMPLE.LGO

MD5 77eae74dd7bd2ca9982bd2f12adff615
SHA1 9c82d2fadc1ead2cd0848a261b1430b49f806e79
SHA256 4018202e5192fdf1e92a2d4784b884af3c9f27409cabe16a8f1b8803df599ccf
SHA512 0d2c268994584fa15c88e54f7c673349ee259f006a40b69098b673d28ecaca6042840b98198015b80cfd61b106b2585ff05f47e6c470b4e8a2aa6cd967a6ffe2

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DMOVIE.LGO

MD5 85319eb1c4096384e18e71658148190e
SHA1 7cea0551747d67b4a08b6f78ced0567199f8e38f
SHA256 979982407f136490d2d2788055cc0feae741f584f8daed331f18cb5ae969c287
SHA512 2d20c9c509b929f6220bb62b047177db9fdf4dc6c891733733c1db0c3deb8a12a802cb17ba1567cea5b3b24b0f707ae75be0108dea2b23c7086abf931ab8db66

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DJOY.LGO

MD5 1dfb4a0a7e6372acdb89c2a9817284ea
SHA1 d87b2a9d393c3515dc2712c93727db41d600ad80
SHA256 e10b673f954c12e31812afd7773dee18940fb46b2fdd9aa70ea9ec3d4df4b488
SHA512 f80b3215c8c7162be25c5897e5b2bf60461299eedb18d4217e73ca2607afa6dcbdf9c3ee929eeac8f7ed6761febebc068451131b9cbfb6c625c50a8e7ef0e96d

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\AXIS.LGO

MD5 3be7e79f251f5dee60215a123df636bb
SHA1 5fce52c40ad8d6054f77bb5e84cfee34b145c447
SHA256 288e25d6e2b5346eab20256bb581aadb6e3752076412d60934642f79478be20f
SHA512 02d9ff2aefd3e29786f5b674b6d3458bf25ec221d093f1f6ae3ed6828912a2e7cf421fa3166081cda2e9fa0deb6497ad767510d22d63bf702ca644a6a5c64c76

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\CHECKER.LGO

MD5 829044c299c931e3773faa5340869b2d
SHA1 4a88dbf1901bba3b5d8b4cf2bb7c66998add9a58
SHA256 2cf7197f40b2cdb9b381975690f664a305696a1e84b56202364321b009e5eb54
SHA512 65bc42f88c69b1539ffac2d34a45efa98b8b684c3a35643f779a1176d3a0095ff15ce51d816b314b35c6ad73c3e59a47b9601947f0db96f772a1f7a405fa0c37

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\fmslogo.bmp

MD5 074091f21cae34e830cac8ef5422b840
SHA1 2cf882243c45a7bb657cc74543850c07227ffa3d
SHA256 f8656e1e1ab41af29efa9550769e354e7e0f4476b802e32090e706880ec86603
SHA512 62ea398ffa3be0ad6c128bb51bb6d28d9dd2366420beb88a357d27f3a3d3951e69b822e23c6f4389d994408e647c4ee294a37f71615a4945b7d25ff851adcd81

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\SHUTTLE.LGO

MD5 ba4b027fb49d27471ee578dc93d5296b
SHA1 d9fdd8bed9931dcdb2d3f3056cbd5286d903c6ac
SHA256 0d4839f083cf2037256048560fb3979113f2948941d580158dde559429491ebd
SHA512 65bb4b4fe447c5c86bde7d4e85b524cee9e707c0ab10f07df189fdddb844a1fa83cc29aadd0c99028d71a17a6158ae6b3104ae1cd4a01cad60ae0daf84efff0c

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\SHUTTLE.3DV

MD5 e00bbd821c702566c9d17e47bb00d665
SHA1 a9ba7176147341e1555b0c63592bc57d371063e6
SHA256 ca6769e5a8b34067878e96647027ed50dfde0402ca4371bf008589d9e53d188f
SHA512 1f16a7245945f4e70e0c8f44bce86537f01fd6f5d172c35f450894edcf51f9630822631bc4301bed44012282e7ea3f1ae0f7bd95311b6e97b0d9fbc7d6b0e95c

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\STEREO.LGO

MD5 d62e05f8d0dfcec9216febad10e110ca
SHA1 25cec291197969161924b7219ceb6a8dfdc4b45c
SHA256 780eb93d0eb99cd2c75137be9e37205b220d44892c0ceaa0ae090d2cf7624b92
SHA512 371d62f09d5d5ebdb9970d7e37f90ed3d4b3ee5e5e9c8ecc3cd51ce0f9917b121d6ec666ae8d985c9e1c500cbb3116d3fe3135d315875a1d9df65bb91e1f3a20

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\SPHERE.LGO

MD5 7b7b9b7b4be184e7fabda2d590c93923
SHA1 4657b5a118948a309a9d1478aeab63ac8625efb8
SHA256 578342aa2c859a7e2930f4051169306178122c992595ac809f3a2f603d5cf73f
SHA512 bfbf1a2f68b1b9f2cdd218f2f8053ec1768f25a96ba31f879641ed24918cfcf5667b473396f3c87b8aebbc37a016fed02d65e883ec5c5b0e339baeae32024000

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\SOLAR.LGO

MD5 6c567d552d2fe350bcb0986273162253
SHA1 bb8fc18067bf1ebd8445ac22e2486a4ddf0d3242
SHA256 faf3487c2b65f41ed6b534280625a40f936d08ff225f9c5484bcd84655f8a53d
SHA512 bb31975f186281e4c357fa6e8d6fae13c0f83b07714f822bba78d790fd9c2bc3e486d4f3309c5e6c22f651469ca1dfd313159e9d5c5fbffd3378406f208d60fa

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\ICOSAHED.LGO

MD5 1a52a14106fd3e659d3f960f7cf45ab5
SHA1 72e840e28848c0e0ea0c60eae20bfd775043c8e3
SHA256 9caf0a5e3ea51b7125a67fc6a8acfc21aecce0bb35746bb57c0abca8e9c801fa
SHA512 e2d81e0d9f9f9199296a097e859859227e31063110568221deae5a6651378a45920915a57b6c84c64e1ea497fa59621d0491133d05525b46796735f50bfc6a0a

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\HILBERT.LGO

MD5 bf351f6bd2d7a44fcf9bcb99324d4b36
SHA1 52bc9e082584357fde1f4daffb840573cec864b7
SHA256 1e0bbb9ffdabe16183a87c789a4e737f2c46179b01c71c7b8a88ac62fffb2c11
SHA512 6d44570429ffe78645ae6fb659d1b528a05b1aba77213ca62668ab2144aa26e267fd8493b6214d9bde056d33c9824a50f76381b4b8ca2a0aa6f2b7fc24525d74

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\TORUS.LGO

MD5 362cada28e17ad2e41b5fafdb31f41fe
SHA1 1dac44fe205cfe218b0007560827b5631b937af2
SHA256 27be594b0236fc144ff7553084ed2a1473332038ca104006b0edcabc6723c7e4
SHA512 c3dc94584d63e10717e48c6a4fac17eabc9eb96fb3c8788937c344b6f7abe50d3166dc3453fe40d10ce658372bda63c6c246b261c131759cda96e5d5fff58e1a

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\index.html

MD5 6e86736d64a4522b490c716cde97a8bc
SHA1 e48de1ddecfc842bbb8924c1023029ec21f838f6
SHA256 26d4e150e3fcb0b881d9cadf4adfc1aa369ca96e16b46c6935b7903d3916c04e
SHA512 67fe43cacf04a4844c4b11580ca549f4cb7fff160f32be5cd8d8449a6c47775f91a78b6503802615a5fc7e450358bfc53d486a07d302099fc73f8d67fa2b9804

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CARMASK.BMP

MD5 afe2ac27f1ae91549f64971d1ba81e1c
SHA1 a717af1a26506bf440d8ade244e12b9283b2b7bc
SHA256 c889fe2430b247aa02e7a101360002b88151cfef4df3a99116c22ee80040db0d
SHA512 15f45e1a6743fd2d6b2ae06840466e20efa3018e659f3af65bec14ae372f42adc9ac81e5745c38ad7ae40d6c033d087d82699975afc482d89e441b772ed4703a

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CAR.BMP

MD5 5fc366b3371bde5c769a8c5b9d0ff966
SHA1 124f3a48111e1adba8cbee101655d6bf438c9129
SHA256 4b0231a2577be467d7d37612b75e38d6e944b7ba757f7fe1c36b697e0fc5ee46
SHA512 e78445e2e70e7ffe3100ff91f5c388817b3cec3964e58ea3e5f415e221c88faf421712d363edcb954ec32d929f6c9e7e3da9e8fed0877e2516312afc5fa585b3

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\HANOI.LGO

MD5 a21687bf228a38528aa1963d2c8a78e3
SHA1 c816e2c99e20f2a79ec0ce9a8e0e9f3c05c9af13
SHA256 288699cdfee3880ca1ad2056e1cf4a2217a9d684005c5c690a6594f3d54709ae
SHA512 1802a7ab95a54fd17c11e2214da5c671618994fcba3efe2e4d366c59e8941a592f845c9f71826d266b15062554e6a32fd207ec09cea14e7bf12fa66966bff887

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\JOYSTICK.LGO

MD5 99dc857ce06ae8878881adb61e4f1a40
SHA1 1cd90a57c1fd3cccf4ba2bd5c4d6eecf1bca6a1b
SHA256 3a8f8507f77f89a00c45c50f1d98bbb4ec0da58706d8e3bcc2ffd2be9f5b89a9
SHA512 367887c6aa8bb4e23ffad02f0a1e8e6c1767765aee04ab1c1b11c0cc4519c2cd68f16cf26e8546d98031e8bcf121ec646b5b59b351cea8057557dd0fb3625a85

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CURVES.LGO

MD5 a20a8a5480c82964f58b62ba8b29f932
SHA1 1d48183b50b6abb30323b70922175042fe573f18
SHA256 4ca29c112c6486054e71ddbe4c49b809e227c9e2e6760b4c36ee30afd7b255cb
SHA512 f561e9d53d2c6d896abf80bde1e1ed2adf2aeb5397e9b73723d0cbbb69129a084d570a412e5d409c3dcc154a37f6b106d6c704141effa6fef0363b9f20c67e5e

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CLOCK.LGO

MD5 c4acddb7dacd73b0a509fc54e9c607bb
SHA1 9f1e79be02b00a5eea5d615094eda6ffc4a45af0
SHA256 070086e62f194b7de43c7145508c1e68b8081d7c8393a43e4c49d6e5a147143d
SHA512 e21ec056a9952a441ba571db14d681274b1384e6dd10299d193223516f6ffea9bcc31c3bc114bc9cea8e71c9ce15fc483e7d51ca0295e8d3cd02aa81838ddb17

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\PLATE.LGO

MD5 8cea513a308679aefb4edba1375c4cd4
SHA1 0aa936e6cb1dbda47b22a4fd3c506002e84b4ffc
SHA256 924f989f6f9f54e97df021e22ebe002aa44ac8d69d44e289cdfa6644ad70bfad
SHA512 a8987e1bb9b06741b27800b34144ece709012d396b8501dbaef90b4686cc67ec0ff78d3084eb130f8553972dfb72a35f08e510f783c56890897ec406123f612a

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\ROAD.BMP

MD5 11836818b440d6cba5a3aef15393a5e0
SHA1 4c49a9d1bd3ece0e031d80e8746e55f0ad08f399
SHA256 8a64eef1ee52de71fcd074dd39ebeb408558da79a7dbf1ef4305e9a4a23ced58
SHA512 15fa97e739906957ecd9ae9f939d4dc3b6a4b211bc5dd23b68863e53c8df72a3bae7cfb5367d8780f0cf37ac322c88d981565f85d2da61deb8652db22a879476

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\SPRITE.LGO

MD5 54085d51ffc8c72c37a70a0cfaf5354f
SHA1 7134793d8954f439284b5f76cce6095a97a4af81
SHA256 2e91c6dfb9317ed8a7e9e798bce808aedfd3dfb0b05daecffcc7d8ecbad0fcc6
SHA512 1921a7cd80b17b0bd2e98b74dde8f5a0884e0874b93869d732371760a3f087b56941dcbffba35b7a6924bea233336aec778d62c740dd92d4a6c0093afe27ad56

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\ECHO.LGO

MD5 4ce0cb03e9b2e5707843f40f051c7e2a
SHA1 cf264b2656cb5515edd4728cbd3800aac335fa9d
SHA256 de0662b380865e9a1986d583c3279f1daa806db77d8a51061e9ceb9fa4c1dc04
SHA512 94d09dc730eba52110824cc46560172dde98bcd8cb8065637868baf9f9c11929ab7d847eaa4588f0f72c717d95d0bb9841eeca18c0ed06f1fef06bc12041e8bb

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\CDROM.LGO

MD5 b7e032a03eca04ab9a57cd9378c2daea
SHA1 9819866aa84e9f69ac1cf244306e4055c20376c2
SHA256 4dac6972d0437a91f0e8d122c2d5a3b3dbd7ea7cae44ba30a210b948b7bc8082
SHA512 1ce2cd639efb2ac6ad6dbff9ca895485fd67d27b0497973003957769c4a9167288816d21c61af047500caf7f16cc0822a3b7d6b6c44a76ca64fd12d95e0d1544

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\frogs.wav

MD5 29ee1c1753fc1c9f203c19d848c63c24
SHA1 f50fe3bfecfa872cb47bd218ff7545b1a1d858f0
SHA256 12ac3386432759ccf45c9e531c351ec5a049af608233160f6d23978c58f00001
SHA512 2c2c954500df3c5de10dc05bd91b4cb77163440f58ed516cd01af0349114907595f1a9165db406bb25053ac206aa36753db7f1c23a119557f698419fe65bd087

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\GROW.LGO

MD5 513bbfe7b10a230b9ccd71071132e60f
SHA1 7ae0d03ddcf3f07760009625b7a61724899285e7
SHA256 66dc1d10c8d6a022ba82a6d446786e894a540ef3a59673287ed33d00be9a1293
SHA512 c14dbf4c407c4918e5404a94d0e96e602ae8a731f668c792a64703c6c50410ce1dddcf4f0b97f5796e98a9f0abddb439e5a124783260ef8b815cbd43a3bcae3e

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\MIDI.LGO

MD5 c22e11b97c187b90cd5ef7301c4c4dfe
SHA1 c053efe04e861e77d34b2054163f9e22677deb65
SHA256 d0ec35bb6cdc36621db633dd61eaf296368c4046ee0d5d5d9b37c5a572581b17
SHA512 6d05655e153ce98f3aa1851b0cdeb664e08629daacde9638c28ba81b37046301c7acb239b174848a20bcf6b93e2acb95539d39a5ed8a1212af5d1b50a75e4afe

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\MIDIFILE.LGO

MD5 6ea09ca25cdfa1ce3f1ce56fe71a9d6d
SHA1 e9056ee56f9b94271deabf6641186536a39b0953
SHA256 75a5dd57944dd55d6c3b3a99c14cce5b0e78701594dce3aef69c3fc5032c1520
SHA512 b9bc85a5ed091cc8661e438ce0aa420b23397be562ccd750f0c89cb2fce5cf7300feee5a8cc180ea2d1f132ddd70ba850cee4c088eac4aab7edd8ba19d244a17

C:\Config.Msi\f77c4c9.rbs

MD5 ab6984aa8ad67097f3fc9d62d06378ef
SHA1 0e30564a111954c06ab962c446e5fd0d7298aa67
SHA256 3f12fc6dfdba5fe480eb04bd667a34f8f6f26b9161166f8316b59ee61eb2481b
SHA512 f8d5c1fa1a3decc84c28ebe1dc8b373fb67fd816a5e6c972bf475471c556de2517f6934c4c71ceb3b91cc277fd53fd209740ed31b5c0c0612149b4bfeaadb8ae

memory/536-573-0x0000000000C00000-0x0000000000F9B000-memory.dmp

memory/536-576-0x0000000000C00000-0x0000000000F9B000-memory.dmp
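
Added example, not part of the report: a parser for the plain-text Files listing above (a path line, then MD5/SHA1/SHA256/SHA512 lines) with two selections a SOC would make from it: the SHA256 values of PE files written under user-writable paths, de-duplicated for a blocklist, and paths that appear twice with different hashes, which is how the listing records a file that was written and then overwritten. LISTING is an excerpt copied from the listing above, including the decoder.dll entry whose path lacks its drive letter and one of the memory/... dump entries; the digest-length check is there because hashes copied out of reports are often truncated. The PE-extension and user-writable-path rules are this example's own choices, not the sandbox's.

```python
# Added example, not part of the report: parser for the plain-text Files listing above
# plus two selections a SOC would make from it. LISTING is an excerpt copied from it.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

LISTING = r"""
\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\decoder.dll

MD5 454418ebd68a4e905dc2b9b2e5e1b28c
SHA1 a54cb6a80d9b95451e2224b6d95de809c12c9957
SHA256 73d5f96a6a30bbd42752bffc7f20db61c8422579bf8a53741488be34b73e1409
SHA512 171f85d6f6c44acc90d80ba4e6220d747e1f4ff4c49a6e8121738e8260f4fceb01ff2c97172f8a3b20e40e6f6ed29a0397d0c6e5870a9ebff7b7fb6faf20c647

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\bsconsole.exe

MD5 862bdeb6127c708986b3f35fbb3c0358
SHA1 9da8fb4ede3495782db44a3b66bf82caeaa95a2d
SHA256 dc0bea0732c39b709ae477630b359321bc46b6b039b9d47b79711c85230aea4d
SHA512 ff01cb7ac8e34766b05dc231a5b1d5c2ef05cdb91466638b443abd61be2a582e9c8319fad38f26a74e9baf773710eef3a9bdc81ff2afe2580e6ef5cb5b716950

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3dc3214901d67080bc9667db76ef52dc
SHA1 629fecab0b24cad3b6481206581c4aab4c5ef2a6
SHA256 8cd546967c09be011b5e83afe3123ede0b2680b8607a93d57cf97af144d33cbd
SHA512 4a8cc2798d4f4e1d45fa368ca21f85d88af24103cb2870c5c2078ff30690596559e3ed49282fc42b42c78946f154f2f750be9e5a12b9ceaa43fb68b1086ed752

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0888dad13643be2a6abc481bfa93103
SHA1 3c8e042df9e61fab6b70d03aa0004a4cc493cd3b
SHA256 4d8e251e8eb6833ca454284bfa46e9e12df22d8452fb14deba23668f48a52703
SHA512 fecfbd0d03822913f81676fa64acd66acc0ce0314949db9d707f86d8a372ef7ea0653f352a7f29f819e31b58997baeb88c2f18c956524ece20c9169ab941f2f1

memory/536-573-0x0000000000C00000-0x0000000000F9B000-memory.dmp
"""

_HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
_DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
_PE_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl")
_USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|ProgramData|Users\\Public)\\", re.I)


@dataclass
class FileRecord:
    path: str
    hashes: Dict[str, str] = field(default_factory=dict)

    @property
    def is_memory_dump(self) -> bool:  # "memory/<pid>-<n>-<start>-<end>-memory.dmp" entries
        return self.path.startswith("memory/")

    @property
    def is_pe(self) -> bool:
        return self.path.rsplit("\\", 1)[-1].lower().endswith(_PE_EXT)

    @property
    def drive_relative(self) -> bool:  # the listing dropped the drive letter (decoder.dll above)
        return self.path.startswith("\\") and not self.path.startswith("\\\\")


def parse_files_listing(text: str) -> List[FileRecord]:
    records: List[FileRecord] = []
    current = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = _HASH_LINE.match(line)
        if m is None:  # any non-hash line starts a new entry
            current = FileRecord(line)
            records.append(current)
            continue
        if current is None:
            raise ValueError(f"hash line before any path: {line}")
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != _DIGEST_LEN[algo]:  # catches digests truncated in copy/paste
            raise ValueError(f"{current.path}: {algo} has {len(digest)} hex chars")
        current.hashes[algo] = digest
    return records


def blocklist(records: List[FileRecord]) -> Dict[str, str]:
    # SHA256 -> path for PE files under user-writable paths; the first path seen wins.
    out: Dict[str, str] = {}
    for r in records:
        if not r.is_memory_dump and r.is_pe and _USER_WRITABLE.search(r.path) and "SHA256" in r.hashes:
            out.setdefault(r.hashes["SHA256"], r.path)
    return out


def rewritten_paths(records: List[FileRecord]) -> List[str]:
    # Paths listed more than once with different content: written, then overwritten.
    seen: Dict[str, Set[str]] = {}
    for r in records:
        if not r.is_memory_dump:
            seen.setdefault(r.path, set()).add(r.hashes.get("SHA256", ""))
    return sorted(p for p, digests in seen.items() if len(digests) > 1)
```

On the excerpt, blocklist returns the SHA256 values of decoder.dll and bsconsole.exe, and rewritten_paths returns only the CryptnetUrlCache\MetaData entry. That entry is CryptoAPI's cache for certificate data fetched over the network (CRL and AIA lookups) and is rewritten whenever such a lookup happens, so on its own it is not an indicator; it is excluded from the blocklist because it is not a PE file, not because of its path.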