floxif | 742a1e53921514df24066cbd99bdcd8fc2ef4e8844e11081dec1d3fb9bd04271

Analysis

max time kernel
92s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe
Size

22.3MB
MD5

32e8e24340fa0f8050e9fed244de8451
SHA1

ebddf519a2b0d78b515250f1eec465db4b6cdbfa
SHA256

742a1e53921514df24066cbd99bdcd8fc2ef4e8844e11081dec1d3fb9bd04271
SHA512

6149ab231a92316a8672ba8a01bb7c829ad0efd629b48706b097a8973d7b25a96773dac54efb2d4d9c07f5bd48eab48f8d26545e276c82a950fbf288ddcf576e
SSDEEP

393216:GXYKjHs4737sM3HgVrAmIQoLd28A+a0r/DdXLnEsRgcHcqcp0q3WI28d+olEj:GXYKLsstBg89xDdbn8c8qk3N2Qlu

Score

10^/10

floxif backdoor discovery trojan upx

Malware Config

Signatures

Floxif family
floxif
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
backdoor trojan floxif

Detects Floxif payload 1 IoCs

backdoor

resource	yara_rule
behavioral2/files/0x000c000000023b8c-1.dat	floxif

Manipulates Digital Signatures 1 TTPs 1 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\0E163CB0FDCE9E468EAE5A9600402132643ADE48\Blob = 0300000001000000140000000e163cb0fdce9e468eae5a9600402132643ade480400000001000000100000007b1ffa43ba9dbac4b3893effd386d003140000000100000014000000f6aae1de13f29375ae855eaa0ec7f1526acfb0f719000000010000001000000014005b11663d5285ca9a734218bb60720f0000000100000020000000990c8a10329dc2652c3884245965026509222d4219e55405a1a0cf7a1db202d32000000001000000120500003082050e308203f6a00302010202102b13f4b6b65224ea499e5bf1f90f42b5300d06092a864886f70d01010b0500307f310b3009060355040613025553311d301b060355040a131453796d616e74656320436f72706f726174696f6e311f301d060355040b131653796d616e746563205472757374204e6574776f726b3130302e0603550403132753796d616e74656320436c61737320332053484132353620436f6465205369676e696e67204341301e170d3135303531353030303030305a170d3137303531353233353935395a308194310b30090603550406130255533113301106035504080c0a43616c69666f726e69613112301006035504070c0953616e20446965676f311e301c060355040a0c155155414c434f4d4d20496e636f72706f7261746564311c301a060355040b0c135143542055534220486f737420447269766572311e301c06035504030c155155414c434f4d4d20496e636f72706f726174656430820122300d06092a864886f70d01010105000382010f003082010a0282010100c7c353c4328659cbd10802db6b6721e0dcebd0bfb0763d3663f561288216b040e894c1717eb8540e167a71b925c6a73e7f5772c8e4feb4e28e9bee6f91134db39873f97545ec98ebffad31a7036ecdb3a2051bb3440bceda2ff98c4ff7a5071eb2457e1ce31d20b0af7215fcf8f10bc2919b743d751aecf57de987f487a567cba87d6fb196dd5edaccb4ae11eb487961ab7a89340cf1b3c9651299bfab193e85bdd3cfbbbb8bc36c020d48b756101b3e3e10e95173c85610d74a8c98399655af13300f8e73c797cf6be3164200260cc0aa5e29eae91a5716cadce1a9774de776ac2ef6a436ff7339af9c0c48b5b42ce0afcf58afa5c6be95282b53166bb303870203010001a382016e3082016a30090603551d1304023000300e0603551d0f0101ff04040302078030130603551d25040c300a06082b0601050507030330660603551d20045f305d305b060b6086480186f84501071703304c302306082b06010505070201161768747470733a2f2f642e73796d63622e636f6d2f637073302506082b0601050507020230191a1768747470733a2f2f642e73796d63622e636f6d2f727061301f0603551d23041830168014963b53f0793397af7d83ef2e2bcccab7861e7266302b0603551d1f042430223020a01ea01c861a687474703a2f2f73762e73796d63622e636f6d2f73762e63726c305706082b06010505070101044b3049301f06082b060105050730018613687474703a2f2f73762e73796d63642e636f6d302606082b06010505073002861a687474703a2f2f73762e73796d63622e636f6d2f73762e637274301106096086480186f84201010404030204103016060a2b06010401823702011b040830060101000101ff300d06092a864886f70d01010b0500038201010066d5d6f1c898c17d1cec0581ff7b84a9ef8828fe9b59caa3cf74a0ab66cbb36614298eec716a1c8acb1e971a6b2790210f09f7d7efa66bdf97a22b6887d876ae2781a168fe9fd68ef1933322c731ec3b93ab08e198b7a544a9d387b08951806e28e414d7decb106038dc3ee5bdb2845faf4cc5c6540a52fbeb5719965d523e321672919ecde1058e82292fb91885cc18a62c1c145453a8684fd6e26277e54dcb8043186adfe5a8f5124b4b826fe764c39c1d8431d4d05cbff409ed35d569f6ca8d0a13dc3c88f56eeac7b9fbd5e95cd2cc8fb99a61d75173d21d52e2fa160b6d1e5e7058d0bde5aca560ebfb2ffe00b08d7fb896211fd10037708e36fd4f3860	DrvInst.exe

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000c000000023b8c-1.dat	acprotect

Executes dropped EXE 13 IoCs

pid	Process
2160	ISBEW64.exe
1472	ISBEW64.exe
1780	ISBEW64.exe
3080	ISBEW64.exe
2536	ISBEW64.exe
5024	ISBEW64.exe
3384	ISBEW64.exe
1832	ISBEW64.exe
2272	ISBEW64.exe
2512	ISBEW64.exe
1684	ISBEW64.exe
1576	qcmtusvc.exe
784	DriverInstaller64.exe

Loads dropped DLL 9 IoCs

pid	Process
756	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe
1892	MsiExec.exe
1892	MsiExec.exe
1892	MsiExec.exe
1892	MsiExec.exe
1892	MsiExec.exe
2952	MsiExec.exe
784	DriverInstaller64.exe
2952	MsiExec.exe

Enumerates connected drives 3 TTPs 47 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\e:	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	rundll32.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{636686aa-18eb-1d4f-be02-b21cd8778ed5}\SET57E0.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{8f286732-f09a-1c4e-a715-2a39feb06f4b}\qdss\amd64\SET5CC1.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8f286732-f09a-1c4e-a715-2a39feb06f4b}\SET5D03.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1273be5e-8539-be41-bc86-5e6560d4c3bc}\ndis	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8f286732-f09a-1c4e-a715-2a39feb06f4b}\qdss\amd64\qdbusb.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8f286732-f09a-1c4e-a715-2a39feb06f4b}\qdss\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qcfilter.inf_amd64_5b0e44f80f8a8e2f\qcfilter.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1273be5e-8539-be41-bc86-5e6560d4c3bc}\qcwwan.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qcwwan.inf_amd64_da7c440389b70c99\qcwwan.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1273be5e-8539-be41-bc86-5e6560d4c3bc}\ndis\6.2	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8f286732-f09a-1c4e-a715-2a39feb06f4b}\qdbusb.cat	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	rundll32.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{636686aa-18eb-1d4f-be02-b21cd8778ed5}\serial	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qcfilter.inf_amd64_5b0e44f80f8a8e2f\qcfilter.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\qcfilter.inf_amd64_5b0e44f80f8a8e2f\qcfilter.PNF	DriverInstaller64.exe
File created	C:\Windows\System32\DriverStore\Temp\{a82d8de8-1280-684d-acf4-4413df07b62c}\SET4F26.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{889067c1-280e-824a-bee1-a11a488516b7}\SET55AE.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{636686aa-18eb-1d4f-be02-b21cd8778ed5}\serial\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1273be5e-8539-be41-bc86-5e6560d4c3bc}\ndis\6.2\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8f286732-f09a-1c4e-a715-2a39feb06f4b}\qdss\amd64\SET5CC1.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\qcser.inf_amd64_011cf7b068aef58d\qcser.PNF	DriverInstaller64.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{636686aa-18eb-1d4f-be02-b21cd8778ed5}\qcmdm.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qdbusb.inf_amd64_4ef97d5ab321c09e\qdbusb.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8f286732-f09a-1c4e-a715-2a39feb06f4b}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8f286732-f09a-1c4e-a715-2a39feb06f4b}\qdbusb.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a82d8de8-1280-684d-acf4-4413df07b62c}\filter\amd64\SET4F27.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a82d8de8-1280-684d-acf4-4413df07b62c}\filter\amd64\qcusbfilter.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a82d8de8-1280-684d-acf4-4413df07b62c}\filter	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{636686aa-18eb-1d4f-be02-b21cd8778ed5}\SET57CF.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_df834dbe3a4f2ca5\qcmdm.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a82d8de8-1280-684d-acf4-4413df07b62c}\SET4F26.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qdbusb.inf_amd64_4ef97d5ab321c09e\qdss\amd64\wdfcoinstaller01009.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1273be5e-8539-be41-bc86-5e6560d4c3bc}\ndis\6.2\amd64\qcusbwwan.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1273be5e-8539-be41-bc86-5e6560d4c3bc}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a82d8de8-1280-684d-acf4-4413df07b62c}\SET4F15.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	rundll32.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a82d8de8-1280-684d-acf4-4413df07b62c}\filter\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{636686aa-18eb-1d4f-be02-b21cd8778ed5}\serial\amd64\SET57F1.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a82d8de8-1280-684d-acf4-4413df07b62c}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{636686aa-18eb-1d4f-be02-b21cd8778ed5}\SET57CF.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qcwwan.inf_amd64_da7c440389b70c99\qcwwan.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qdbusb.inf_amd64_4ef97d5ab321c09e\qdss\amd64\qdbusb.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qcfilter.inf_amd64_5b0e44f80f8a8e2f\filter\amd64\qcusbfilter.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_df834dbe3a4f2ca5\qcmdm.PNF	DriverInstaller64.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db	rundll32.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{889067c1-280e-824a-bee1-a11a488516b7}\SET556E.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{889067c1-280e-824a-bee1-a11a488516b7}\SET55AE.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8f286732-f09a-1c4e-a715-2a39feb06f4b}\qdss\amd64\wdfcoinstaller01009.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{1273be5e-8539-be41-bc86-5e6560d4c3bc}\SET5A12.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\qdbusb.inf_amd64_4ef97d5ab321c09e\qdbusb.PNF	DriverInstaller64.exe
File created	C:\Windows\System32\DriverStore\Temp\{8f286732-f09a-1c4e-a715-2a39feb06f4b}\qdss\amd64\SET5CD2.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{889067c1-280e-824a-bee1-a11a488516b7}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{636686aa-18eb-1d4f-be02-b21cd8778ed5}\qcser.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_df834dbe3a4f2ca5\qcser.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1273be5e-8539-be41-bc86-5e6560d4c3bc}\qcwwan.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{1273be5e-8539-be41-bc86-5e6560d4c3bc}\ndis\6.2\amd64\SET5A52.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	rundll32.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000c000000023b8c-1.dat	upx
behavioral2/memory/756-4-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/756-66-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/756-69-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/756-74-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/756-79-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/756-527-0x0000000010000000-0x0000000010030000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\ndis\5.1\i386\qcusbnet.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\ndis\5.1\i386\qcusbnet.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qdbusb.inf	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qdss\i386\qdbusb.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\logReader.exe	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\serial\amd64\qcusbser.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\filter\amd64\qcusbfilter.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\serial\amd64\qcusbser.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qdss\i386\qdbusb.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qdss\amd64\qdbusb.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Difxapi\amd64\DIFxAPI.dll	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qdss\amd64\WdfCoInstaller01009.dll	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\ndis\6.2\amd64\qcusbwwan.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcwwan.inf	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qdcfg.exe	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\serial\amd64\qcusbser.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcser.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcfilter.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qdss\i386\qdbusb.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\ReadMe.txt	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\filter\amd64\qcusbfilter.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\filter\i386\qcusbfilter.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qdbusb.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qdss\amd64\qdbusb.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qdss\i386\qdbusb.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcmdm.inf	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcser.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qdbusb.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\serial\amd64\qcusbser.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\serial\i386\qcusbser.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcwwan.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qdss\amd64\qdbusb.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\ndis\6.2\amd64\qcusbwwan.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\serial\amd64\qcusbser.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriversInstallerCA.dll	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcfilter.inf	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcser.inf	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcfilter.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\filter\i386\qcusbfilter.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qdss\amd64\qdbusb.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\ndis\6.2\i386\qcusbwwan.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\filter\amd64\qcusbfilter.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\ndis\6.2\i386\qcusbwwan.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcser.inf	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\ndis\5.1\amd64\qcusbnet.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\serial\i386\qcusbser.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcwwan.inf	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qdss\i386\qdbusb.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\serial\i386\qcusbser.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\serial\i386\qcusbser.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qdss\amd64\qdbusb.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcser.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qdss\i386\WdfCoInstaller01009.dll	msiexec.exe
File created	\??\c:\program files\common files\system\symsrv.dll.000	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\serial\amd64\qcusbser.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\serial\i386\qcusbser.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qdss\i386\qdbusb.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcfilter.inf	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qdss\i386\WdfCoInstaller01009.dll	msiexec.exe
File created	C:\Program Files\Common Files\System\symsrv.dll	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\filter\i386\qcusbfilter.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\ndis\6.2\i386\qcusbwwan.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcnet.inf	msiexec.exe

Drops file in Windows directory 29 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	DriverInstaller64.exe
File opened for modification	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\inf\oem6.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\{D9FB7F91-9687-4B09-894D-072903CADEA4}\ARPPRODUCTICON.exe	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem5.inf	DrvInst.exe
File created	C:\Windows\inf\oem5.inf	DrvInst.exe
File created	C:\Windows\inf\oem7.inf	DrvInst.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI41D6.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem7.inf	DrvInst.exe
File created	C:\Windows\Installer\{D9FB7F91-9687-4B09-894D-072903CADEA4}\ARPPRODUCTICON.exe	msiexec.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\Installer\e584081.msi	msiexec.exe
File created	C:\Windows\Installer\e58407f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e58407f.msi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI5F73.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI469A.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem4.inf	DrvInst.exe
File created	C:\Windows\inf\oem6.inf	DrvInst.exe
File created	C:\Windows\Installer\SourceHash{D9FB7F91-9687-4B09-894D-072903CADEA4}	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	qcmtusvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DriverInstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	DriverInstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DriverInstaller64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DriverInstaller64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DriverInstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DriverInstaller64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DriverInstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DriverInstaller64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	DriverInstaller64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	DriverInstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	DriverInstaller64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	svchost.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	rundll32.exe

Modifies registry class 24 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\19F7BF9D786990B498D4709230ACED4A	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\19F7BF9D786990B498D4709230ACED4A\DefaultFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Version = "16777256"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0EA6D9F1380532E40BBD65C87A1302C4	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\ProductName = "Qualcomm USB Drivers For Windows"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\PackageCode = "50F96F0F677D720429F0EAB3F42EA9A4"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\ProductIcon = "C:\\Windows\\Installer\\{D9FB7F91-9687-4B09-894D-072903CADEA4}\\ARPPRODUCTICON.exe"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Media\1 = "DISK1;1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0EA6D9F1380532E40BBD65C87A1302C4\19F7BF9D786990B498D4709230ACED4A	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\PackageName = "QualcommWindowsDriverInstaller.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Clients = 3a0000000000	msiexec.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
756	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe
756	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe
756	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe
756	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe
4700	msiexec.exe
4700	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	756	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe
Token: SeShutdownPrivilege	2092	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2092	msiexec.exe
Token: SeSecurityPrivilege	4700	msiexec.exe
Token: SeCreateTokenPrivilege	2092	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2092	msiexec.exe
Token: SeLockMemoryPrivilege	2092	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2092	msiexec.exe
Token: SeMachineAccountPrivilege	2092	msiexec.exe
Token: SeTcbPrivilege	2092	msiexec.exe
Token: SeSecurityPrivilege	2092	msiexec.exe
Token: SeTakeOwnershipPrivilege	2092	msiexec.exe
Token: SeLoadDriverPrivilege	2092	msiexec.exe
Token: SeSystemProfilePrivilege	2092	msiexec.exe
Token: SeSystemtimePrivilege	2092	msiexec.exe
Token: SeProfSingleProcessPrivilege	2092	msiexec.exe
Token: SeIncBasePriorityPrivilege	2092	msiexec.exe
Token: SeCreatePagefilePrivilege	2092	msiexec.exe
Token: SeCreatePermanentPrivilege	2092	msiexec.exe
Token: SeBackupPrivilege	2092	msiexec.exe
Token: SeRestorePrivilege	2092	msiexec.exe
Token: SeShutdownPrivilege	2092	msiexec.exe
Token: SeDebugPrivilege	2092	msiexec.exe
Token: SeAuditPrivilege	2092	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2092	msiexec.exe
Token: SeChangeNotifyPrivilege	2092	msiexec.exe
Token: SeRemoteShutdownPrivilege	2092	msiexec.exe
Token: SeUndockPrivilege	2092	msiexec.exe
Token: SeSyncAgentPrivilege	2092	msiexec.exe
Token: SeEnableDelegationPrivilege	2092	msiexec.exe
Token: SeManageVolumePrivilege	2092	msiexec.exe
Token: SeImpersonatePrivilege	2092	msiexec.exe
Token: SeCreateGlobalPrivilege	2092	msiexec.exe
Token: SeShutdownPrivilege	2192	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2192	msiexec.exe
Token: SeCreateTokenPrivilege	2192	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2192	msiexec.exe
Token: SeLockMemoryPrivilege	2192	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2192	msiexec.exe
Token: SeMachineAccountPrivilege	2192	msiexec.exe
Token: SeTcbPrivilege	2192	msiexec.exe
Token: SeSecurityPrivilege	2192	msiexec.exe
Token: SeTakeOwnershipPrivilege	2192	msiexec.exe
Token: SeLoadDriverPrivilege	2192	msiexec.exe
Token: SeSystemProfilePrivilege	2192	msiexec.exe
Token: SeSystemtimePrivilege	2192	msiexec.exe
Token: SeProfSingleProcessPrivilege	2192	msiexec.exe
Token: SeIncBasePriorityPrivilege	2192	msiexec.exe
Token: SeCreatePagefilePrivilege	2192	msiexec.exe
Token: SeCreatePermanentPrivilege	2192	msiexec.exe
Token: SeBackupPrivilege	2192	msiexec.exe
Token: SeRestorePrivilege	2192	msiexec.exe
Token: SeShutdownPrivilege	2192	msiexec.exe
Token: SeDebugPrivilege	2192	msiexec.exe
Token: SeAuditPrivilege	2192	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2192	msiexec.exe
Token: SeChangeNotifyPrivilege	2192	msiexec.exe
Token: SeRemoteShutdownPrivilege	2192	msiexec.exe
Token: SeUndockPrivilege	2192	msiexec.exe
Token: SeSyncAgentPrivilege	2192	msiexec.exe
Token: SeEnableDelegationPrivilege	2192	msiexec.exe
Token: SeManageVolumePrivilege	2192	msiexec.exe
Token: SeImpersonatePrivilege	2192	msiexec.exe
Token: SeCreateGlobalPrivilege	2192	msiexec.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2092	msiexec.exe
2092	msiexec.exe
2192	msiexec.exe
2192	msiexec.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
756	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe
784	DriverInstaller64.exe

Suspicious use of WriteProcessMemory 50 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 2092	756	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe	83
PID 756 wrote to memory of 2092	756	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe	83
PID 756 wrote to memory of 2092	756	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe	83
PID 756 wrote to memory of 2192	756	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe	85
PID 756 wrote to memory of 2192	756	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe	85
PID 756 wrote to memory of 2192	756	2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe	85
PID 4700 wrote to memory of 1892	4700	msiexec.exe	87
PID 4700 wrote to memory of 1892	4700	msiexec.exe	87
PID 4700 wrote to memory of 1892	4700	msiexec.exe	87
PID 1892 wrote to memory of 2160	1892	MsiExec.exe	88
PID 1892 wrote to memory of 2160	1892	MsiExec.exe	88
PID 1892 wrote to memory of 1472	1892	MsiExec.exe	89
PID 1892 wrote to memory of 1472	1892	MsiExec.exe	89
PID 1892 wrote to memory of 1780	1892	MsiExec.exe	90
PID 1892 wrote to memory of 1780	1892	MsiExec.exe	90
PID 1892 wrote to memory of 3080	1892	MsiExec.exe	91
PID 1892 wrote to memory of 3080	1892	MsiExec.exe	91
PID 1892 wrote to memory of 2536	1892	MsiExec.exe	92
PID 1892 wrote to memory of 2536	1892	MsiExec.exe	92
PID 1892 wrote to memory of 5024	1892	MsiExec.exe	93
PID 1892 wrote to memory of 5024	1892	MsiExec.exe	93
PID 1892 wrote to memory of 3384	1892	MsiExec.exe	94
PID 1892 wrote to memory of 3384	1892	MsiExec.exe	94
PID 1892 wrote to memory of 1832	1892	MsiExec.exe	95
PID 1892 wrote to memory of 1832	1892	MsiExec.exe	95
PID 1892 wrote to memory of 2272	1892	MsiExec.exe	96
PID 1892 wrote to memory of 2272	1892	MsiExec.exe	96
PID 1892 wrote to memory of 2512	1892	MsiExec.exe	97
PID 1892 wrote to memory of 2512	1892	MsiExec.exe	97
PID 1892 wrote to memory of 1684	1892	MsiExec.exe	98
PID 1892 wrote to memory of 1684	1892	MsiExec.exe	98
PID 4700 wrote to memory of 1476	4700	msiexec.exe	120
PID 4700 wrote to memory of 1476	4700	msiexec.exe	120
PID 4700 wrote to memory of 2952	4700	msiexec.exe	123
PID 4700 wrote to memory of 2952	4700	msiexec.exe	123
PID 4700 wrote to memory of 2952	4700	msiexec.exe	123
PID 2952 wrote to memory of 784	2952	MsiExec.exe	124
PID 2952 wrote to memory of 784	2952	MsiExec.exe	124
PID 4232 wrote to memory of 4292	4232	svchost.exe	126
PID 4232 wrote to memory of 4292	4232	svchost.exe	126
PID 4292 wrote to memory of 5092	4292	DrvInst.exe	128
PID 4292 wrote to memory of 5092	4292	DrvInst.exe	128
PID 4232 wrote to memory of 3332	4232	svchost.exe	129
PID 4232 wrote to memory of 3332	4232	svchost.exe	129
PID 4232 wrote to memory of 4728	4232	svchost.exe	130
PID 4232 wrote to memory of 4728	4232	svchost.exe	130
PID 4232 wrote to memory of 2388	4232	svchost.exe	131
PID 4232 wrote to memory of 2388	4232	svchost.exe	131
PID 4232 wrote to memory of 656	4232	svchost.exe	132
PID 4232 wrote to memory of 656	4232	svchost.exe	132

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-22_32e8e24340fa0f8050e9fed244de8451_floxif_icedid.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:756
- C:\Windows\SysWOW64\msiexec.exe
  msiexec.exe /x {D9FB7F91-9687-4B09-894D-072903CADEA4} /passive
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2092
- C:\Windows\SysWOW64\msiexec.exe
  msiexec.exe /i "C:\Users\Admin\AppData\Local\Temp\QualcommWindowsDriverInstaller.msi"
  2⤵
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2192

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9B49F73C0408356606EEA73D17D9FBD1 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1892
- - C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E990AAC3-8B9E-44EF-AD78-9EAD1E4F5665}
    3⤵
    - Executes dropped EXE
    PID:2160
- - C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{416E4BEA-1889-4D74-A40A-0EC9EE1B5796}
    3⤵
    - Executes dropped EXE
    PID:1472
- - C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A51F856C-AC71-4DB7-B93B-4077B14B1108}
    3⤵
    - Executes dropped EXE
    PID:1780
- - C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6D65ED44-9B92-4E7A-81A7-4933089D4C3F}
    3⤵
    - Executes dropped EXE
    PID:3080
- - C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D063140F-CF18-4160-97BA-9A9226269D90}
    3⤵
    - Executes dropped EXE
    PID:2536
- - C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9B2D31F9-FACF-45AB-BE90-78FF84D5466A}
    3⤵
    - Executes dropped EXE
    PID:5024
- - C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5D4B3509-B7B3-4BF3-BB45-349C4024748A}
    3⤵
    - Executes dropped EXE
    PID:3384
- - C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B99F1E7-5C73-4AEE-873B-A94E6A271905}
    3⤵
    - Executes dropped EXE
    PID:1832
- - C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E35FC02F-EEE8-47C8-8CC6-64554006CAC9}
    3⤵
    - Executes dropped EXE
    PID:2272
- - C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CFCE0C88-2C6E-4FEA-A021-88DB6142526F}
    3⤵
    - Executes dropped EXE
    PID:2512
- - C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6EE72B2B-6D31-4EB5-8F82-27BB8761E27C}
    3⤵
    - Executes dropped EXE
    PID:1684
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:1476
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 898293D3806A38428BFC90DE2F965738 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2952
- - C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe
    "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe" "/I|0|C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Suspicious use of SetWindowsHookEx
    PID:784

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:556

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe
"C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1576

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of WriteProcessMemory
PID:4232
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcfilter.inf" "9" "4f0333d67" "00000000000000E8" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"
  2⤵
  - Manipulates Digital Signatures
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  - Suspicious use of WriteProcessMemory
  PID:4292
- - C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{c7129c0b-c74b-f541-9508-90666721e0bc} Global\{da7f8e08-2fdf-fc43-90ea-d79774920091} C:\Windows\System32\DriverStore\Temp\{a82d8de8-1280-684d-acf4-4413df07b62c}\qcfilter.inf C:\Windows\System32\DriverStore\Temp\{a82d8de8-1280-684d-acf4-4413df07b62c}\qcfilter.cat
    3⤵
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    PID:5092
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcser.inf" "9" "4417f2877" "0000000000000158" "WinSta0\Default" "0000000000000148" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:3332
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcmdm.inf" "9" "4f8e1879b" "0000000000000148" "WinSta0\Default" "0000000000000144" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4728
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcwwan.inf" "9" "47c727a63" "0000000000000174" "WinSta0\Default" "0000000000000178" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:2388
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qdbusb.inf" "9" "4d5e0b807" "0000000000000178" "WinSta0\Default" "0000000000000144" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e584080.rbs

Filesize
37KB

MD5
dc543a34e3c59ad043b623d4175a9a64

SHA1
5e7dd748098c3ef1f8769bf3cad1f8490ff234a1

SHA256
b4f04cfef44471b5d2519608b278317e8d5a0e18ad0d7e21259ae6514f4c86ff

SHA512
d444cf9b783f9c58f47b2e538c4e83b1a9af76cdc59319af9e46cf4f864d9ff76cbeb78cab7d41c65ab4541c72cc8564c1db8fc5b4607b7ee48c25c3c39f8c80

Download Submit
C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\ndis\6.2\amd64\qcusbwwan.sys

Filesize
535KB

MD5
d08431790b71fbd56875762df88185d9

SHA1
03a6fe5c60799a5c0a12f10e3aa837cddd026d81

SHA256
d6298128cfc0f56646340d8d67bf124412ea2e9852fe9342e36bff177a4a01b0

SHA512
1cceaddacaab89e76a350dcd96a1e329a1c2234ea6c33a5f48615f3f6d55f9aa62cb3690e6057df71df2191a98e5dfd712f2d5f3b6da410989adb40a521910ad

Download Submit
C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\qcfilter.cat

Filesize
96KB

MD5
d7a950a11638dc52717d9270ef09e150

SHA1
ec1a37f5e70431b63609199a067784f4a63b2d5c

SHA256
0d2a9ef7f0bcdde3d7b5f548b29fed32f4aee8d253d3da41553b7a4dc87a57a0

SHA512
0af7bcaf1058d70790a97641a5f46706323b9a649e5731c51885fa1fe5f7d2474e9bbd907db3ae275bda8246951c7eef46c23076fcea1c8750fb2809dd51a0e4

Download Submit
C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\qcser.cat

Filesize
97KB

MD5
da65117158c5a4d005ad82a68e53e1e8

SHA1
78c0fb4c89a7cac5e3e36ce9e9c54b6507bc2e2a

SHA256
04390a6986d3809f81dbcb345481cd7bcc54430c041754b5464201dcbb6b9bf5

SHA512
5619d046b5047ba8620667835364724bf1c78ab91b74bcb8ade36ff5e8e6cc5c8dc2d56709b083c187ea5ed74679bb10ac3eba3d494dd6e1d7f889831eb4cc44

Download Submit
C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\qcwwan.cat

Filesize
96KB

MD5
1f367e482b4ad610667b425ec6fe8812

SHA1
49769d83232e2e366817691f03686e5ef0e70c65

SHA256
6476bf4f4f731a10e7766f24cec6d71db5140481ff16b87390b402fe8502786a

SHA512
5b0db6294b4305652341647036114ef5680be958a94744d9713fdf9e40254f9750f5649792bcce8b03bbf6cb5b533747a84894e1f82a35fc38c392f65ec48e89

Download Submit
C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\qdbusb.cat

Filesize
97KB

MD5
7dc0850624be0d3e8def9d653c013291

SHA1
5ffe8a50771d9dd6d3a9d15f14575517bedfda5d

SHA256
070db359908f6955e129024d1de0acf4750790f21ced52fb333e056d2fdd7be7

SHA512
a51a447a8f9793691a9d0314b846c6e3555c22c693c7e0367307001c19744bd8b1ba72261de925c740af9d69a07cbb94a1e5a51b1128394a5a732e2fec1a040e

Download Submit
C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\qdss\amd64\qdbusb.sys

Filesize
46KB

MD5
0b13a08c6eaa6d7ad76bc43d64b9732b

SHA1
1e7e512dc690675b3814a879d17642d030ba4ac9

SHA256
08ec62ca5a4a64ac48f9963f8623b99d135b9fda6b658ade2564df15d822d950

SHA512
709a29c317a06c893a4efa334d0a9455876c592a659d081bee712a964fe48918af2cea8e9bb0e607ea3915bee6c6442615ffd6084fd9edfd8ae465440b003032

Download Submit
C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\qdss\amd64\wdfcoinstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\serial\amd64\qcusbser.sys

Filesize
240KB

MD5
a5a4cb5c986715796eb1285289b9c779

SHA1
549fafefb36d1df67d1b8b7817041e4f5677e6ed

SHA256
357eb980c5d7a9ab4cfa5892432dac41ee9c0f03420fa9b927d78119054f91f6

SHA512
032c45b2bba7c5dfafbd0583bc96e79c1710dd981775d6184c131d49835d2183aad7dbaaeda2f45f2b3f490c3a8158c0d901c5467f4ca3158ff01a61c59cc1b5

Download Submit
C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DifxApi\amd64\difxapi.dll

Filesize
507KB

MD5
9495b07f33ded991c65d9b04945d44c5

SHA1
db9d5ec47980eb0709faba0cda283ff99d643b7c

SHA256
bf0798d3a4540b15f45c5b329798a2ac532ff693764948b9b4757265e145216e

SHA512
36ff4bd8b252f78a91a8e205bda17bd7f159a11f1616f5bf90fa08164201c272efa817c3974680603ab19a2086ce4dc3a26a504ee811d5a530ccc9e8af6d4815

Download Submit
C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe

Filesize
2.2MB

MD5
2e42457c54c0d281aa191c7ca8e7bc11

SHA1
33d5ad6b11cd681f956e5dc607c54c5eca168e19

SHA256
210f20b72fe67a1b12846aab7886b6bd9702a3caf31a3b6affab3a0dc60199ff

SHA512
434872af382e5a73570c1a13d18b9febc71bec25d2ce20fdcfa0fbd23afb103b136d91fa6b6e8b01736a0b59d1477e7296d8a6fda2b26aa0c679454c9246ec1e

Download Submit
C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe

Filesize
81KB

MD5
537b58f4523aa9638859d88d61d3ff77

SHA1
522b5f172d44d84e7e72201fde56bad684832237

SHA256
e1a039481b5470841932f440864c14d0139991d22655da1673afcef33b07f82d

SHA512
c2348d6001c6819233a55b1e2ced1fbdbfb6db630c38ffa59185680c31bca8868dfc9ba06350d9d4e9b70f555d0b1e7afa4ba7b55718ee103df5d41e1ecc57a4

Download Submit
C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcfilter.inf

Filesize
37KB

MD5
c44f842ad6d69df37aa0dcf5b05d54b7

SHA1
62eeff99483ba72c0fb341e768124d74071855c5

SHA256
5a544fda42a991a970ea3417ab49f967cdcb9fe89a14ae53d6566707a328b730

SHA512
44743848307af8d47b978189ba6d192d7d1c39c98bf2d2efe123bc2afc6ed42bade0e101e0b7e8ccb729949ffe89626ce995937d17c8b217e472e45e3ea368fa

Download Submit
C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcmdm.inf

Filesize
44KB

MD5
bfd724e1364eb3284822e0b27899d78c

SHA1
e95ff9e797d391ca0aa93b55f3cec5dfb9e95e5a

SHA256
f59f3b976a682c730201e2d4aa4e33f627f92595aa4fde117521a12f2ee8e305

SHA512
9ff0081d900b94cf12ac2b1dbec1fd5ebb108a5048068534a894a6f20c743be387522c45965fc3d68af81d113fa3cb23e5397ed62088641c46c2579a410d66fd

Download Submit
C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcser.inf

Filesize
101KB

MD5
756d9f6aa85025335d121246e5262528

SHA1
54d28ffe46bb81c86ca498bd0c357d63416b2fa7

SHA256
c8fbd819931030b3800397643ce23bac7f9cb46a770c8c7e5104682afbd0571a

SHA512
3012c1b14700bd3dc91f79cd774a61d5b0849203ce6a3d9be742ad902f8d7b52700061fcbde85ce8df2b4ca04b48a66ba81f87616ae7c12028b1ad9699a1f08d

Download Submit
C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcwwan.inf

Filesize
73KB

MD5
5667cdc8aa7e89f575417aa5837f9202

SHA1
6449ecffb2a4aebaf4f05a69ac14fb202847f364

SHA256
363addf226aca987a56a2caa95ce19eea4dd86654d46e103f0d6184863ace934

SHA512
02f00e41469e9e9d76a3928ff5ce651f2977f236642f59e6e25fec3c78dfe3ecf7cc1e7253e1bf65ff6834566547172d175366d37d0dd711394f41e573340965

Download Submit
C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qdbusb.inf

Filesize
9KB

MD5
e7fb3e2ee6ae0890da972587516a8110

SHA1
93267d82c6564f618fafdd6f8a3edb5d8eff70bb

SHA256
94dd4e0aab352f69f7788a98563048f23f50402862e89376ca5ec5b742373eba

SHA512
6478515112c69674e54474a38b81fe8c1301fbfe64536b96162ade151e5baae22d1886230da2dd477a9d5448797b39f8f4fcb65d88fcb5bdb242a60868630edb

Download Submit
C:\Program Files\Common Files\System\symsrv.dll

Filesize
67KB

MD5
7574cf2c64f35161ab1292e2f532aabf

SHA1
14ba3fa927a06224dfe587014299e834def4644f

SHA256
de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

SHA512
4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

Download Submit
C:\Program Files\Common Files\System\symsrv.dll.000

Filesize
175B

MD5
1130c911bf5db4b8f7cf9b6f4b457623

SHA1
48e734c4bc1a8b5399bff4954e54b268bde9d54c

SHA256
eba08cc8182f379392a97f542b350ea0dbbe5e4009472f35af20e3d857eafdf1

SHA512
94e2511ef2c53494c2aff0960266491ffc0e54e75185427d1ccedae27c286992c754ca94cbb0c9ea36e3f04cd4eb7f032c551cf2d4b309f292906303f1a75fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIADE3.tmp

Filesize
1.3MB

MD5
526de93ee8ed331cf89a744c3aefc355

SHA1
c5e8410afc34ebde8372e0e1711e4155d34dece3

SHA256
f369ed198e835a3362d1c7d5ddf4b853f9339aafa6b5a6032fe13fb51c02c590

SHA512
b3b21ff3f4f98d8d5b14f191d04061addc4c44faf492a4788becfef5cbd55ecc82fc7eb373649fa825264d79b763955d708948412b47555b965ff9ea2d195a16

Download Submit
C:\Users\Admin\AppData\Local\Temp\QualcommWindowsDriverInstaller.msi

Filesize
20.9MB

MD5
fcf5ad3c6e3630c94858e8dd51d07e3a

SHA1
87f6a86b18d0133ca75e63948c85fdd7aef04003

SHA256
11d689580a499cc28048ded32bb408ce417e723787edb8eb4ac68336016c0539

SHA512
a1c19f0977a26468dd6125c8422aa154d4d16f20717be9aa9de95b81dfdc4bd21db52502f102906ba9c9f862a1908ff925a02f4e0f527d4a4328d13758d3e271

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISBEW64.exe

Filesize
146KB

MD5
c3b2acc07bb0610405fc786e3432bef9

SHA1
333d5f2b55bd00ad4311ba104af7db984f953924

SHA256
9acc6cb5d01a4e4dbc92c8774c6999fab5f0e49f097e83098ba740842f5a2894

SHA512
2438e5dd11c8322101d9dc2d0f89ed0b1fc3cb5a65f644a1cf07f4c5a7f353c648e715fb910e09a444b623b3384eecd628e312608bcec63aa3b0107630df32bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\ISRT.dll

Filesize
260KB

MD5
a93f625ef42b54c2b0f4d38201e67606

SHA1
cbfebc1f736ccfc65562ede79a5ae1a8afb116a1

SHA256
e91a865c3d60d9d0bce5d5a0a2f551c5e032d5bc13bc40f85091ce46d38064e0

SHA512
805f0d535022de3d03aa191239fd90c54f2f6745bf02e0ce9cbe59ea34eecac7f9ebb600864c7cbcad5d011fa61bdb5b65889136617edc44178f87bd3970b198

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6E2ADEF8-28F2-4548-91BB-034C97895573}\_isres_0x0409.dll

Filesize
540KB

MD5
d6bbf7ff6984213c7f1f0f8f07c51e6a

SHA1
cfe933fc3b634f7333adec7ec124c14e9d19ac21

SHA256
6366e18a8cbf609c9573f341004e5c2725c23a12973affa90ee7bcc7934ae1b2

SHA512
a1364c96848f54b241c8e92ed1887ca599255c8046e31af11cd4b0b23d97c00243808dff9086a536c0084d6815223685283844a9e27f2c20c4d3b85a794a9e9d

Download Submit
C:\Windows\Installer\MSI469A.tmp

Filesize
1.6MB

MD5
fba7113c8d1b7eecd0e731c184418f29

SHA1
9961d5ca567f32c703a6b953933ff5fc22fca396

SHA256
1d10c129f67a74e1d393bf3c71f76285d3082ce5aa2712e8ffc2c8e148d659d5

SHA512
9cad372e139e744a7ade1e7c1b1f50508a22f2c69a5f73417c5a1db588bde34767e402d7770986f758e7cd118f2d67f6be2bb3fa2765e4e7c0bad7e4a4acc631

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
37KB

MD5
6f8f66c132b8061db691c94b25f8eac8

SHA1
91c447486398f47e7104299845696bd49bace485

SHA256
cb5fa76482ba476961b0d169b1d13ec29f8fc71c225e166b1f74bcad154d1e0d

SHA512
bea7e30a1111129eb7812be9df239753fd79b80441ee9f846f6818fdcee7c278a4333d30a86541ab0902e9a4499d44dcb3906cb4f578d3ce496ee4751f8baf3e

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
37KB

MD5
ac535a06cd52f3e56de3e66a709af25c

SHA1
0443272956c58d1a32e85233525f6aac0a6cb3d8

SHA256
90eee9445a9ed2638395d0741ad2e1b6d6ea531c5a3bd782b3787e8b366af90d

SHA512
3a93b6f39c3d132fc2a2ff1f3151cb758d6fc3bb53a64625d6b26367e250a6e6c80511244575656dffbc8cbe2c3b4dc85b009f475ba5a271103335372a6bbaa7

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
37KB

MD5
39bca567786a891e3161908496759006

SHA1
e0a9c2323584c63a384d0b20bd66332a0876821d

SHA256
ed3802ddb6fa3356c51839cb73bf3e9b000fc3dd78fa7e95787717cb18afb29f

SHA512
d93177f3985665ea8957cf40a3d753594efbdaf434eb47eaa4849fadbbd0328995a4262b8285e6d7530f9160629124541488b9a0336734f43ebde086b0cd13d8

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
37KB

MD5
cc591b1cd90cadcb5fa69fe63670970d

SHA1
2357bed32df2bd30472b4448cfd25fa3d4c0358a

SHA256
b65023846853f33bb53f5ae9f17260c05855379255b9390d6e04d05a3264b4f5

SHA512
00247a82e31b0ea0ae9381e6d3ddef30766e7a25d6ebbd8a6ac6be91159b0f67295d2a83c5bc1809020131d615970efcb47ad982736b7fdcffccf92d123d3c0b

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
37KB

MD5
1d21f8071f49d5eecbfdcfe8f88ae6ff

SHA1
3a510ebd6c9da561b1484c10241a2b2c704c568a

SHA256
1edb3b82f91fb6b42391ee68fa14d88e94bd05b427c7f16b1292f0e279e2f48d

SHA512
44ef7508c6ed9820c4a172ecb3dbaa43dcae2bef224d11718929e3b6b8a667261d2421faa3a0241c39b0ce3cd824d44343672a8716d7b767ac277387e38e55aa

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
37KB

MD5
8e182a3916e63c468e60c57f429b05b5

SHA1
3e3417612ffef581261b1da92897b0402d9aa522

SHA256
17a3ba5cbe919fdd27e059f3522256845ce995018c808c06b7b7f19c32f55688

SHA512
fe69864236210d94145444c4286afec73c19af2674b6b474f01f662da4cfdb394b810da4d9ae40cf8bea9b674729466be85c11ee3234628351ccee82fa91a9d6

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
38KB

MD5
817e183b3f3b3184ca67a339351fb63b

SHA1
42ebd0ef6e433a438c246b9b869b23ceb632df76

SHA256
60d55a0789f28b5a8fef28d0cbd2ddf955515c1e94d7257eb038682f551c32bc

SHA512
4204c7c9c2789f6ffea36c43dd6731bf600d7844056b36cbfc9a379d801d6c3769ade0e6008fc96153981329f4219619b654002f48d7bfc586e82d3aa14df10b

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
38KB

MD5
21fa7ea5a62c19462275facf4b6ead55

SHA1
c2391bdba0f77767efde59c8000ebec7231676f7

SHA256
d0e93b7db65e1b31adf938c19030c18917ae010314659b1d2a12a70a66c595cb

SHA512
6239068d8cc9c83f4951002314e5cf658bb5f1e1f5db5e35f5e994ee52a547abfa1bc04d7cc24566fc3d8ccf109835bff2b91c5e35ef0f4c4326e224ea3fe0fe

Download Submit
C:\Windows\System32\DriverStore\Temp\{a82d8de8-1280-684d-acf4-4413df07b62c}\filter\amd64\qcusbfilter.sys

Filesize
39KB

MD5
8438bd5302eed284de96cf98accdfda2

SHA1
7aacc6fcc500345e6df8cec8839cc63a890779f1

SHA256
0011975f3bad3d11747ca9ba4c24ea674d63131e679ac552d4af2b5ffd7f86dc

SHA512
406eee9d1450b1cf3a4f1b259182b2fb8f494e297498d4f24f45c5d61fd70c8869b3dc750c144da62d58f6985a2ff715e352be337aa623ecc676d471a3bd73bf

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
37KB

MD5
a7c28985c2f5180d3dd4e52ff60751f7

SHA1
d8e244702cf32e077c29157b2d7f0c8bfa4dcede

SHA256
0a0e1b2fdbcd1246bd2afc9fbf0586c9cc00bca9266bf29c1584bcf195076d35

SHA512
5a544106b18ccda42cea7ef083a327d19ec2e9d71b214a303b403a3482518b514ee660388f68cef0aa6f68f02d8cc764c202aa70757ca2c6e7df72bfc5ab946f

Download Submit
\??\Volume{612d9cf5-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{cf6abe7c-f6ad-40ba-9437-70fc379ee8bd}_OnDiskSnapshotProp

Filesize
6KB

MD5
d0de9dd5ada1a546c17ca5dfa64b436e

SHA1
43fa3a2e26c5823da0f34bbb1931cfd87356812e

SHA256
1e2b605f4f5a20442ef7af33118aaba3322cb61671da4a0ae20467126c67a7cf

SHA512
a220f183d4665e7327d9dcd233bb00c08c1763f0a35158e35d30e760aa0361790089ffe3b95ccc3c21f440b0c8f10ed05d241ed50ed9c7bc0a3894b9182c6b59

Download Submit
memory/756-79-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/756-74-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/756-69-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/756-66-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/756-6-0x0000000000476000-0x0000000000479000-memory.dmp

Filesize
12KB

Download
memory/756-4-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/756-527-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1892-45-0x0000000003370000-0x00000000033F9000-memory.dmp

Filesize
548KB

Download
memory/1892-39-0x00000000031E0000-0x0000000003287000-memory.dmp

Filesize
668KB

Download
memory/1892-17-0x0000000010000000-0x00000000101B5000-memory.dmp

Filesize
1.7MB

Download