floxif | a3423bf9cd6d13981e3efb81bd2d4861b2606d1bfcca8472e1ade9a8f87bd905

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-01-2025 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe
Size

22.2MB
MD5

ef5b79d11d56ac638acea43040ba6e2e
SHA1

be50d85741ddf0c0b28b55e340b330824ec341e8
SHA256

a3423bf9cd6d13981e3efb81bd2d4861b2606d1bfcca8472e1ade9a8f87bd905
SHA512

6381b6c4ef8de0fc48c564c9e02f6df1d562434ad3ddf86fa4a456b9ca49847f3b8c3f14caecfc88aa2a340df055e6b7a10ca1f6db22ff2b67764192df283052
SSDEEP

393216:6XePsQXKIQ2A6p/jJicojuCXiv3vMBnz4CFxDqg9u4PS6n4CEJXE0wEKD3/LR:6XePsQXKx6liUCXk3EmCFpq4PznwXDwB

Score

10^/10

floxif backdoor discovery persistence privilege_escalation trojan upx

Malware Config

Signatures

Floxif family
floxif
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
backdoor trojan floxif

Detects Floxif payload 1 IoCs

backdoor

resource	yara_rule
behavioral2/files/0x000c000000023bab-1.dat	floxif

Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
persistence privilege_escalation

AppInit DLLs
T1546.010

Manipulates Digital Signatures 1 TTPs 1 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\0E163CB0FDCE9E468EAE5A9600402132643ADE48\Blob = 0300000001000000140000000e163cb0fdce9e468eae5a9600402132643ade480400000001000000100000007b1ffa43ba9dbac4b3893effd386d003140000000100000014000000f6aae1de13f29375ae855eaa0ec7f1526acfb0f719000000010000001000000014005b11663d5285ca9a734218bb60720f0000000100000020000000990c8a10329dc2652c3884245965026509222d4219e55405a1a0cf7a1db202d32000000001000000120500003082050e308203f6a00302010202102b13f4b6b65224ea499e5bf1f90f42b5300d06092a864886f70d01010b0500307f310b3009060355040613025553311d301b060355040a131453796d616e74656320436f72706f726174696f6e311f301d060355040b131653796d616e746563205472757374204e6574776f726b3130302e0603550403132753796d616e74656320436c61737320332053484132353620436f6465205369676e696e67204341301e170d3135303531353030303030305a170d3137303531353233353935395a308194310b30090603550406130255533113301106035504080c0a43616c69666f726e69613112301006035504070c0953616e20446965676f311e301c060355040a0c155155414c434f4d4d20496e636f72706f7261746564311c301a060355040b0c135143542055534220486f737420447269766572311e301c06035504030c155155414c434f4d4d20496e636f72706f726174656430820122300d06092a864886f70d01010105000382010f003082010a0282010100c7c353c4328659cbd10802db6b6721e0dcebd0bfb0763d3663f561288216b040e894c1717eb8540e167a71b925c6a73e7f5772c8e4feb4e28e9bee6f91134db39873f97545ec98ebffad31a7036ecdb3a2051bb3440bceda2ff98c4ff7a5071eb2457e1ce31d20b0af7215fcf8f10bc2919b743d751aecf57de987f487a567cba87d6fb196dd5edaccb4ae11eb487961ab7a89340cf1b3c9651299bfab193e85bdd3cfbbbb8bc36c020d48b756101b3e3e10e95173c85610d74a8c98399655af13300f8e73c797cf6be3164200260cc0aa5e29eae91a5716cadce1a9774de776ac2ef6a436ff7339af9c0c48b5b42ce0afcf58afa5c6be95282b53166bb303870203010001a382016e3082016a30090603551d1304023000300e0603551d0f0101ff04040302078030130603551d25040c300a06082b0601050507030330660603551d20045f305d305b060b6086480186f84501071703304c302306082b06010505070201161768747470733a2f2f642e73796d63622e636f6d2f637073302506082b0601050507020230191a1768747470733a2f2f642e73796d63622e636f6d2f727061301f0603551d23041830168014963b53f0793397af7d83ef2e2bcccab7861e7266302b0603551d1f042430223020a01ea01c861a687474703a2f2f73762e73796d63622e636f6d2f73762e63726c305706082b06010505070101044b3049301f06082b060105050730018613687474703a2f2f73762e73796d63642e636f6d302606082b06010505073002861a687474703a2f2f73762e73796d63622e636f6d2f73762e637274301106096086480186f84201010404030204103016060a2b06010401823702011b040830060101000101ff300d06092a864886f70d01010b0500038201010066d5d6f1c898c17d1cec0581ff7b84a9ef8828fe9b59caa3cf74a0ab66cbb36614298eec716a1c8acb1e971a6b2790210f09f7d7efa66bdf97a22b6887d876ae2781a168fe9fd68ef1933322c731ec3b93ab08e198b7a544a9d387b08951806e28e414d7decb106038dc3ee5bdb2845faf4cc5c6540a52fbeb5719965d523e321672919ecde1058e82292fb91885cc18a62c1c145453a8684fd6e26277e54dcb8043186adfe5a8f5124b4b826fe764c39c1d8431d4d05cbff409ed35d569f6ca8d0a13dc3c88f56eeac7b9fbd5e95cd2cc8fb99a61d75173d21d52e2fa160b6d1e5e7058d0bde5aca560ebfb2ffe00b08d7fb896211fd10037708e36fd4f3860	DrvInst.exe

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000c000000023bab-1.dat	acprotect

Executes dropped EXE 13 IoCs

pid	Process
3980	ISBEW64.exe
3188	ISBEW64.exe
3544	ISBEW64.exe
4396	ISBEW64.exe
3492	ISBEW64.exe
1760	ISBEW64.exe
536	ISBEW64.exe
1728	ISBEW64.exe
1572	ISBEW64.exe
760	ISBEW64.exe
1500	ISBEW64.exe
3116	qcmtusvc.exe
4192	DriverInstaller64.exe

Loads dropped DLL 15 IoCs

pid	Process
5076	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe
432	msiexec.exe
3692	msiexec.exe
3732	MsiExec.exe
3732	MsiExec.exe
3732	MsiExec.exe
3732	MsiExec.exe
3732	MsiExec.exe
3732	MsiExec.exe
3732	MsiExec.exe
3116	qcmtusvc.exe
4396	MsiExec.exe
4396	MsiExec.exe
4192	DriverInstaller64.exe
4396	MsiExec.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
56	4396	MsiExec.exe

Enumerates connected drives 3 TTPs 47 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\e:	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9191596c-bc20-da46-9da3-59ece6bf066a}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3bc419e3-d90d-7543-bf66-6c9f22b3c56f}\SET605C.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\qcwwan.inf_amd64_936d995a371b46f4\qcwwan.PNF	DriverInstaller64.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8df4381b-84e7-5741-ac54-3724a22ad8cf}\qdss\amd64\wdfcoinstaller01009.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qdbusb.inf_amd64_c68a388aad774c96\qdbusb.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6a2a49cf-717e-9345-bf76-b5391c4ab520}\filter\amd64\SET5447.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	rundll32.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6a2a49cf-717e-9345-bf76-b5391c4ab520}\filter	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{9191596c-bc20-da46-9da3-59ece6bf066a}\SET5E96.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_dd21d0caf44e7fa8\serial\amd64\qcusbser.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3bc419e3-d90d-7543-bf66-6c9f22b3c56f}\ndis\6.2\amd64\qcusbwwan.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8df4381b-84e7-5741-ac54-3724a22ad8cf}\qdbusb.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{8df4381b-84e7-5741-ac54-3724a22ad8cf}\SET62CF.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6a2a49cf-717e-9345-bf76-b5391c4ab520}\SET5446.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	rundll32.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qcfilter.inf_amd64_91142176ceafe65a\filter\amd64\qcusbfilter.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9191596c-bc20-da46-9da3-59ece6bf066a}\qcmdm.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9191596c-bc20-da46-9da3-59ece6bf066a}\SET5EA6.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8df4381b-84e7-5741-ac54-3724a22ad8cf}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8df4381b-84e7-5741-ac54-3724a22ad8cf}\qdss	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db	rundll32.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	rundll32.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9191596c-bc20-da46-9da3-59ece6bf066a}\serial\amd64\qcusbser.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8df4381b-84e7-5741-ac54-3724a22ad8cf}\qdss\amd64\SET628E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8df4381b-84e7-5741-ac54-3724a22ad8cf}\SET62CF.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9191596c-bc20-da46-9da3-59ece6bf066a}\serial	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qdbusb.inf_amd64_c68a388aad774c96\qdss\amd64\qdbusb.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6a2a49cf-717e-9345-bf76-b5391c4ab520}\SET5436.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	rundll32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\qcser.inf_amd64_7d91b3baab562649\qcser.PNF	DriverInstaller64.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9191596c-bc20-da46-9da3-59ece6bf066a}\qcser.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	rundll32.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9191596c-bc20-da46-9da3-59ece6bf066a}\SET5E96.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_dd21d0caf44e7fa8\qcmdm.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3bc419e3-d90d-7543-bf66-6c9f22b3c56f}\ndis	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8df4381b-84e7-5741-ac54-3724a22ad8cf}\SET62CE.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6a2a49cf-717e-9345-bf76-b5391c4ab520}\qcfilter.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\qcfilter.inf_amd64_91142176ceafe65a\qcfilter.PNF	DriverInstaller64.exe
File created	C:\Windows\System32\DriverStore\Temp\{9191596c-bc20-da46-9da3-59ece6bf066a}\SET5EA6.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3bc419e3-d90d-7543-bf66-6c9f22b3c56f}\ndis\6.2	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{8df4381b-84e7-5741-ac54-3724a22ad8cf}\qdss\amd64\SET627E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6a2a49cf-717e-9345-bf76-b5391c4ab520}\SET5436.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6a2a49cf-717e-9345-bf76-b5391c4ab520}\filter\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qcmdm.inf_amd64_dd21d0caf44e7fa8\qcser.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qcwwan.inf_amd64_936d995a371b46f4\ndis\6.2\amd64\qcusbwwan.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qcwwan.inf_amd64_936d995a371b46f4\qcwwan.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8df4381b-84e7-5741-ac54-3724a22ad8cf}\qdss\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6a2a49cf-717e-9345-bf76-b5391c4ab520}\qcfilter.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6a2a49cf-717e-9345-bf76-b5391c4ab520}\filter\amd64\SET5447.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8df4381b-84e7-5741-ac54-3724a22ad8cf}\qdss\amd64\qdbusb.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\qdbusb.inf_amd64_c68a388aad774c96\qdss\amd64\wdfcoinstaller01009.dll	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	rundll32.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	rundll32.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6a2a49cf-717e-9345-bf76-b5391c4ab520}	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3bc419e3-d90d-7543-bf66-6c9f22b3c56f}\ndis\6.2\amd64\SET605D.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{8df4381b-84e7-5741-ac54-3724a22ad8cf}\qdss\amd64\SET628E.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db	rundll32.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	rundll32.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	rundll32.exe

UPX packed file 22 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000c000000023bab-1.dat	upx
behavioral2/memory/5076-4-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/432-9-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/432-11-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/3692-13-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/3732-18-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/5076-63-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/3692-64-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/3732-77-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/5076-78-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/3692-81-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/5076-85-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/5076-92-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/3692-93-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/3732-94-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/3116-200-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/3116-203-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/4396-205-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/4396-495-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/3732-497-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/3692-498-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/5076-499-0x0000000010000000-0x0000000010030000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\ndis\6.2\i386\qcusbwwan.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcwwan.inf	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\serial\i386\qcusbser.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\serial\i386\qcusbser.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qdss\amd64\qdbusb.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcfilter.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\ndis\6.2\i386\qcusbwwan.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\serial\amd64\qcusbser.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcmdm.inf	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcnet.inf	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qdss\amd64\WdfCoInstaller01009.dll	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\filter\i386\qcusbfilter.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\serial\i386\qcusbser.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qdbusb.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\filter\amd64\qcusbfilter.pdb	msiexec.exe
File created	C:\Program Files\Common Files\System\symsrv.dll	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\filter\i386\qcusbfilter.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcwwan.inf	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qdbusb.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qdbusb.inf	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qdbusb.inf	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qdss\amd64\qdbusb.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qdss\i386\qdbusb.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qdss\i386\qdbusb.pdb	msiexec.exe
File created	\??\c:\program files\common files\system\symsrv.dll.000	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\filter\amd64\qcusbfilter.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcser.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qdss\amd64\qdbusb.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcfilter.inf	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcnet.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qcser.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qdcfg.exe	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\ndis\6.2\amd64\qcusbwwan.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcfilter.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qdss\i386\qdbusb.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qdss\amd64\WdfCoInstaller01009.dll	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\serial\amd64\qcusbser.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\serial\i386\qcusbser.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Difxapi\amd64\DIFxAPI.dll	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qdss\i386\WdfCoInstaller01009.dll	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\filter\amd64\qcusbfilter.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\filter\i386\qcusbfilter.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\serial\amd64\qcusbser.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcfilter.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcser.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\filter\amd64\qcusbfilter.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qcwwan.cat	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qdss\amd64\qdbusb.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\qdss\i386\WdfCoInstaller01009.dll	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\ndis\6.2\amd64\qcusbwwan.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\serial\amd64\qcusbser.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\qdss\i386\qdbusb.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qdss\amd64\qdbusb.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Difxapi\i386\DIFxAPI.dll	msiexec.exe
File created	\??\c:\progra~1\common~1\system\symsrv.dll.000	MsiExec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\ndis\6.2\amd64\qcusbwwan.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\filter\i386\qcusbfilter.sys	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\qcfilter.inf	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\ndis\5.1\amd64\qcusbnet.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\XP-Vista\ndis\5.1\i386\qcusbnet.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriversInstallerCA.dll	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\logReader.exe	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows7\serial\amd64\qcusbser.pdb	msiexec.exe
File created	C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Fre\Windows8\ndis\6.2\i386\qcusbwwan.pdb	msiexec.exe

Drops file in Windows directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\inf\oem7.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem5.inf	DrvInst.exe
File created	C:\Windows\inf\oem6.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\SourceHash{D9FB7F91-9687-4B09-894D-072903CADEA4}	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4C76.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DriverInstaller64.exe
File opened for modification	C:\Windows\Installer\{D9FB7F91-9687-4B09-894D-072903CADEA4}\ARPPRODUCTICON.exe	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\inf\oem5.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\e584774.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI48CC.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\inf\oem7.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI6483.tmp	msiexec.exe
File created	C:\Windows\Installer\e584776.msi	msiexec.exe
File created	C:\Windows\Installer\e584774.msi	msiexec.exe
File created	C:\Windows\Installer\{D9FB7F91-9687-4B09-894D-072903CADEA4}\ARPPRODUCTICON.exe	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem6.inf	DrvInst.exe

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	qcmtusvc.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DriverInstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DriverInstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DriverInstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	DriverInstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DriverInstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DriverInstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DriverInstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DriverInstaller64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	DriverInstaller64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DriverInstaller64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DriverInstaller64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	rundll32.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	rundll32.exe

Modifies registry class 24 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\19F7BF9D786990B498D4709230ACED4A	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\19F7BF9D786990B498D4709230ACED4A\DefaultFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\ProductIcon = "C:\\Windows\\Installer\\{D9FB7F91-9687-4B09-894D-072903CADEA4}\\ARPPRODUCTICON.exe"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0EA6D9F1380532E40BBD65C87A1302C4\19F7BF9D786990B498D4709230ACED4A	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Media\1 = "DISK1;1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\PackageName = "QualcommWindowsDriverInstaller.msi"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\ProductName = "Qualcomm USB Drivers For Windows"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\PackageCode = "54605E80078F0E84081B971B66E8A6D7"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\Version = "16777253"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0EA6D9F1380532E40BBD65C87A1302C4	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\19F7BF9D786990B498D4709230ACED4A\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5076	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe
5076	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe
5076	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe
5076	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe
5080	msiexec.exe
5080	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5076	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe
Token: SeDebugPrivilege	432	msiexec.exe
Token: SeShutdownPrivilege	432	msiexec.exe
Token: SeIncreaseQuotaPrivilege	432	msiexec.exe
Token: SeSecurityPrivilege	5080	msiexec.exe
Token: SeCreateTokenPrivilege	432	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	432	msiexec.exe
Token: SeLockMemoryPrivilege	432	msiexec.exe
Token: SeIncreaseQuotaPrivilege	432	msiexec.exe
Token: SeMachineAccountPrivilege	432	msiexec.exe
Token: SeTcbPrivilege	432	msiexec.exe
Token: SeSecurityPrivilege	432	msiexec.exe
Token: SeTakeOwnershipPrivilege	432	msiexec.exe
Token: SeLoadDriverPrivilege	432	msiexec.exe
Token: SeSystemProfilePrivilege	432	msiexec.exe
Token: SeSystemtimePrivilege	432	msiexec.exe
Token: SeProfSingleProcessPrivilege	432	msiexec.exe
Token: SeIncBasePriorityPrivilege	432	msiexec.exe
Token: SeCreatePagefilePrivilege	432	msiexec.exe
Token: SeCreatePermanentPrivilege	432	msiexec.exe
Token: SeBackupPrivilege	432	msiexec.exe
Token: SeRestorePrivilege	432	msiexec.exe
Token: SeShutdownPrivilege	432	msiexec.exe
Token: SeDebugPrivilege	432	msiexec.exe
Token: SeAuditPrivilege	432	msiexec.exe
Token: SeSystemEnvironmentPrivilege	432	msiexec.exe
Token: SeChangeNotifyPrivilege	432	msiexec.exe
Token: SeRemoteShutdownPrivilege	432	msiexec.exe
Token: SeUndockPrivilege	432	msiexec.exe
Token: SeSyncAgentPrivilege	432	msiexec.exe
Token: SeEnableDelegationPrivilege	432	msiexec.exe
Token: SeManageVolumePrivilege	432	msiexec.exe
Token: SeImpersonatePrivilege	432	msiexec.exe
Token: SeCreateGlobalPrivilege	432	msiexec.exe
Token: SeDebugPrivilege	3692	msiexec.exe
Token: SeShutdownPrivilege	3692	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3692	msiexec.exe
Token: SeCreateTokenPrivilege	3692	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3692	msiexec.exe
Token: SeLockMemoryPrivilege	3692	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3692	msiexec.exe
Token: SeMachineAccountPrivilege	3692	msiexec.exe
Token: SeTcbPrivilege	3692	msiexec.exe
Token: SeSecurityPrivilege	3692	msiexec.exe
Token: SeTakeOwnershipPrivilege	3692	msiexec.exe
Token: SeLoadDriverPrivilege	3692	msiexec.exe
Token: SeSystemProfilePrivilege	3692	msiexec.exe
Token: SeSystemtimePrivilege	3692	msiexec.exe
Token: SeProfSingleProcessPrivilege	3692	msiexec.exe
Token: SeIncBasePriorityPrivilege	3692	msiexec.exe
Token: SeCreatePagefilePrivilege	3692	msiexec.exe
Token: SeCreatePermanentPrivilege	3692	msiexec.exe
Token: SeBackupPrivilege	3692	msiexec.exe
Token: SeRestorePrivilege	3692	msiexec.exe
Token: SeShutdownPrivilege	3692	msiexec.exe
Token: SeDebugPrivilege	3692	msiexec.exe
Token: SeAuditPrivilege	3692	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3692	msiexec.exe
Token: SeChangeNotifyPrivilege	3692	msiexec.exe
Token: SeRemoteShutdownPrivilege	3692	msiexec.exe
Token: SeUndockPrivilege	3692	msiexec.exe
Token: SeSyncAgentPrivilege	3692	msiexec.exe
Token: SeEnableDelegationPrivilege	3692	msiexec.exe
Token: SeManageVolumePrivilege	3692	msiexec.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
432	msiexec.exe
432	msiexec.exe
3692	msiexec.exe
3692	msiexec.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5076	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe
4192	DriverInstaller64.exe

Suspicious use of WriteProcessMemory 50 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 432	5076	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe	84
PID 5076 wrote to memory of 432	5076	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe	84
PID 5076 wrote to memory of 432	5076	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe	84
PID 5076 wrote to memory of 3692	5076	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe	86
PID 5076 wrote to memory of 3692	5076	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe	86
PID 5076 wrote to memory of 3692	5076	2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe	86
PID 5080 wrote to memory of 3732	5080	msiexec.exe	88
PID 5080 wrote to memory of 3732	5080	msiexec.exe	88
PID 5080 wrote to memory of 3732	5080	msiexec.exe	88
PID 3732 wrote to memory of 3980	3732	MsiExec.exe	89
PID 3732 wrote to memory of 3980	3732	MsiExec.exe	89
PID 3732 wrote to memory of 3188	3732	MsiExec.exe	90
PID 3732 wrote to memory of 3188	3732	MsiExec.exe	90
PID 3732 wrote to memory of 3544	3732	MsiExec.exe	91
PID 3732 wrote to memory of 3544	3732	MsiExec.exe	91
PID 3732 wrote to memory of 4396	3732	MsiExec.exe	92
PID 3732 wrote to memory of 4396	3732	MsiExec.exe	92
PID 3732 wrote to memory of 3492	3732	MsiExec.exe	93
PID 3732 wrote to memory of 3492	3732	MsiExec.exe	93
PID 3732 wrote to memory of 1760	3732	MsiExec.exe	94
PID 3732 wrote to memory of 1760	3732	MsiExec.exe	94
PID 3732 wrote to memory of 536	3732	MsiExec.exe	95
PID 3732 wrote to memory of 536	3732	MsiExec.exe	95
PID 3732 wrote to memory of 1728	3732	MsiExec.exe	96
PID 3732 wrote to memory of 1728	3732	MsiExec.exe	96
PID 3732 wrote to memory of 1572	3732	MsiExec.exe	97
PID 3732 wrote to memory of 1572	3732	MsiExec.exe	97
PID 3732 wrote to memory of 760	3732	MsiExec.exe	98
PID 3732 wrote to memory of 760	3732	MsiExec.exe	98
PID 3732 wrote to memory of 1500	3732	MsiExec.exe	99
PID 3732 wrote to memory of 1500	3732	MsiExec.exe	99
PID 5080 wrote to memory of 4716	5080	msiexec.exe	121
PID 5080 wrote to memory of 4716	5080	msiexec.exe	121
PID 5080 wrote to memory of 4396	5080	msiexec.exe	124
PID 5080 wrote to memory of 4396	5080	msiexec.exe	124
PID 5080 wrote to memory of 4396	5080	msiexec.exe	124
PID 4396 wrote to memory of 4192	4396	MsiExec.exe	125
PID 4396 wrote to memory of 4192	4396	MsiExec.exe	125
PID 5040 wrote to memory of 1124	5040	svchost.exe	127
PID 5040 wrote to memory of 1124	5040	svchost.exe	127
PID 1124 wrote to memory of 908	1124	DrvInst.exe	129
PID 1124 wrote to memory of 908	1124	DrvInst.exe	129
PID 5040 wrote to memory of 1824	5040	svchost.exe	131
PID 5040 wrote to memory of 1824	5040	svchost.exe	131
PID 5040 wrote to memory of 632	5040	svchost.exe	132
PID 5040 wrote to memory of 632	5040	svchost.exe	132
PID 5040 wrote to memory of 4888	5040	svchost.exe	133
PID 5040 wrote to memory of 4888	5040	svchost.exe	133
PID 5040 wrote to memory of 2368	5040	svchost.exe	134
PID 5040 wrote to memory of 2368	5040	svchost.exe	134

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Windows\SysWOW64\msiexec.exe
  msiexec.exe /x {D9FB7F91-9687-4B09-894D-072903CADEA4} /passive
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:432
- C:\Windows\SysWOW64\msiexec.exe
  msiexec.exe /i "C:\Users\Admin\AppData\Local\Temp\QualcommWindowsDriverInstaller.msi"
  2⤵
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3692

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B1D598C7AE332A07C6FAB6B9C250B50D C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3732
- - C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8EC99C7C-7EC4-42BD-82E1-FE5321644336}
    3⤵
    - Executes dropped EXE
    PID:3980
- - C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3F5DEB4D-66AE-4EF1-8330-6B30A930451D}
    3⤵
    - Executes dropped EXE
    PID:3188
- - C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FD610B24-581F-435D-81DC-C4401B358B6C}
    3⤵
    - Executes dropped EXE
    PID:3544
- - C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3670F6FE-063A-4A20-8718-B1824632C031}
    3⤵
    - Executes dropped EXE
    PID:4396
- - C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C820336A-18E3-4ED2-B589-F931DEDD4948}
    3⤵
    - Executes dropped EXE
    PID:3492
- - C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DA6378A4-D774-4AD6-A98C-C67E0AA8111D}
    3⤵
    - Executes dropped EXE
    PID:1760
- - C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C61D77CB-E87C-424B-82C0-0AB72F44234D}
    3⤵
    - Executes dropped EXE
    PID:536
- - C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{38DAC98F-DA49-4E50-A00E-0C197C2B2D67}
    3⤵
    - Executes dropped EXE
    PID:1728
- - C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1481E3A2-F845-4E9D-A9C7-42B75BDB0D1B}
    3⤵
    - Executes dropped EXE
    PID:1572
- - C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6C9F076F-3992-410C-8AD9-07431B60B829}
    3⤵
    - Executes dropped EXE
    PID:760
- - C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1D14272E-37AC-4DE8-886E-25CF6E60B42A}
    3⤵
    - Executes dropped EXE
    PID:1500
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:4716
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 1F5F39817CC5C8FD0C242F1398FBB89F E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Blocklisted process makes network request
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  - Suspicious use of WriteProcessMemory
  PID:4396
- - C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe
    "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe" "/I|0|C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Suspicious use of SetWindowsHookEx
    PID:4192

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:864

C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe
"C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcfilter.inf" "9" "4f0333d67" "0000000000000148" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"
  2⤵
  - Manipulates Digital Signatures
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  - Suspicious use of WriteProcessMemory
  PID:1124
- - C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{b918628d-2103-6d4b-9625-5a2097a0ebbb} Global\{b0f686f0-527a-d042-947c-2fa5e8237f42} C:\Windows\System32\DriverStore\Temp\{6a2a49cf-717e-9345-bf76-b5391c4ab520}\qcfilter.inf C:\Windows\System32\DriverStore\Temp\{6a2a49cf-717e-9345-bf76-b5391c4ab520}\qcfilter.cat
    3⤵
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    PID:908
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcser.inf" "9" "4417f2877" "0000000000000160" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"
  2⤵
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:1824
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcmdm.inf" "9" "4f8e1879b" "0000000000000158" "WinSta0\Default" "000000000000017C" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:632
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcwwan.inf" "9" "47c727a63" "000000000000017C" "WinSta0\Default" "0000000000000148" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4888
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qdbusb.inf" "9" "4d5e0b807" "0000000000000148" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Privilege Escalation

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e584775.rbs

Filesize
37KB

MD5
b2a6b567d6af5588585082612b8ed3d2

SHA1
9fd26ab697430117b96dcbe19a974afd1d6600a3

SHA256
6bb2fdee22fb3241b5af00505666d5f0f75e014396bb744f17cff51b5dd61cdb

SHA512
9baafcc1d0c2078efac59a8aeb7d16b982ce704643a28c8322d44c6f7de7508d1fbaf5132cfe0bb72cd7d078ec07e72dd46cf4d939db1eb62c153cd7b887d7fa

Download Submit
C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\qcfilter.cat

Filesize
94KB

MD5
184fb15f93f73790d5dfae0a22557ee4

SHA1
f3de31f1db7e76fd26d7ad4953b0a01c070da8ba

SHA256
2443015b8822a3793c141571135ef1cb79f324700d33266103e3ba599e1b6c21

SHA512
5e6e8a7fc5187f886e33769028f2f4aa5410615c681eb0aa0136ac08c81954c86d7a58b000004294dc60239d8f76c3bda9eafcfd3f1ad7d1c86bd3eb6ad2ea3e

Download Submit
C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\qcwwan.cat

Filesize
94KB

MD5
a08b4295c74ebc18d6a5f281ca2c3eea

SHA1
9718561dd5f541854bb3dceb0554ee780f4cad43

SHA256
be76010e324e2fcd9990a82265ff8757375f45fc692202ebf5d974b85fcbc777

SHA512
170b32913c40c94ef7d32d2c2c011b6671feb64a91b1ba9c5f0ba44db79264b577871bedbc58ff308ea98926f767823432a86f0749208c1092460d6adb5c92f9

Download Submit
C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\qdss\amd64\qdbusb.sys

Filesize
44KB

MD5
c6ea8d40d2bf25d9011c37e27d65c484

SHA1
9d00f36c1ba545c2c140aa12e6ff0b5917b17f8b

SHA256
ed89b3315d5ff28ccde22b90680d44c7ad8de630601baa2921c96c25d85aae3f

SHA512
b54d2e8dd7692ea4f9308be891330d277ba7b592e2a40b1a330176668d1e3aa7243cd792c70743d1f978bcf992116c4c6f28f2cb02fd4536d53cedc9a13e26ea

Download Submit
C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\qdss\amd64\wdfcoinstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\PROGRA~2\QUALCO~1\QUALCO~1\DRIVER~1\Qualcomm\fre\Windows7\serial\amd64\qcusbser.sys

Filesize
239KB

MD5
358bc4b7bf9bca41abea485058f9b360

SHA1
47974d8e6512497c9ad6a79919e1cd58366d5e97

SHA256
6fff206a1def97219541568d76d2077ac5db1daef2c6d995f6ac4a83e57ed898

SHA512
1d6de7f4db5f2320889f8e23176b8e6ebacd8ed03fb7bbb62841e105c83fcc6eaa571c89e605f3d41258fa629dd72c5e2305ea7c26855735b1baced84046404a

Download Submit
C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Difxapi\amd64\DIFxAPI.dll

Filesize
507KB

MD5
9495b07f33ded991c65d9b04945d44c5

SHA1
db9d5ec47980eb0709faba0cda283ff99d643b7c

SHA256
bf0798d3a4540b15f45c5b329798a2ac532ff693764948b9b4757265e145216e

SHA512
36ff4bd8b252f78a91a8e205bda17bd7f159a11f1616f5bf90fa08164201c272efa817c3974680603ab19a2086ce4dc3a26a504ee811d5a530ccc9e8af6d4815

Download Submit
C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\DriverInstaller64.exe

Filesize
2.2MB

MD5
6e0321ff9f386106d64e7b863e1866ea

SHA1
f9898d7bdd18691518ff1d615a693922bcc3a26c

SHA256
f0cbd9fb9abc814e470a4126d3f7b7bf2fc769c20593b402ad2cb979e4817625

SHA512
0449c4ee6fb9798d6dc24e08d70aabc8fb1ecec4696c34e42440ff8a93ae93f058a235b8cf0078699723cbc42a3a579519d048ace5add0bd28d5866fb4d3eb04

Download Submit
C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe

Filesize
81KB

MD5
cf9a93ed8f3b472a9c1eb6acb619b9d4

SHA1
9725cb577b28f9a71d66af1f5c075423c3f2c66a

SHA256
b6d6cbf256f08fe397d23c989d41ff6f4bd60b11751f7e7585cfe5dc534b5e26

SHA512
d79581bb5a82a3b396faa20683f5afdcc2933ff525450722142541dbb9450b99f31910983c41420b47dc9b09f2507738d00bcd4047aabbfe23c9a325970394b4

Download Submit
C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcfilter.inf

Filesize
36KB

MD5
4e8ff95823ed15cf1bb13489f88784f5

SHA1
f25210d6d26b842ae8a11e3b5c4e18835e4a3b13

SHA256
5fa46ab5487d00840642d82eb321aab0c716b19dc9cd21aaa4af74a7b47a5e2e

SHA512
6d2056e302c73e7092cbd5badb705ae52fb99b4279c174b524c3656d090434e45a2c0e9c4ed24f4215cff112bbe3ae317776bb00d58a7a27c99266c589bcc667

Download Submit
C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcmdm.inf

Filesize
44KB

MD5
f1ee860f01ef686168926b2eb70da7aa

SHA1
5000f8e9c765906819b7bc5ee7ba9a8de8c0f4ee

SHA256
db8c72dffd89b859c8d3b511d3c0452d031079c21648d94a8cdfb9c403e492dd

SHA512
12823e92a89b2b52d85388f732dcf57303b3bc3f03fa4332244f30d2a180458cb0e58f533c62608f5ac1613b99df4f4b873e8d663e5f5ca9d4cca379bda1e020

Download Submit
C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcser.inf

Filesize
100KB

MD5
66702ca8991184e99b39304cbe964bb3

SHA1
99d9453c89e7fedd06f12f3d96b9931e63bdec29

SHA256
717d8c9eb75808d711ec31ad97f5cf4699798c95d4336f57cc54ff09aab9ff6e

SHA512
e3efbb1be20fc84f31112f75fe412d8e7efaf980038a09e2e9a502810e173dbee0abc3ce4c3a6ac608a84ea9cdeafd5fb32ea44da3e5f39d184363e6167cb950

Download Submit
C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qcwwan.inf

Filesize
72KB

MD5
be202547e7b7317e0eaacb373fb65034

SHA1
f286b1dff477e7bb1b89028d10ed2164f43ee1c1

SHA256
635ec113fb8682ccb237afae4de441882a3edd12526fd7d0f4e0450c54cf8bc6

SHA512
b6fab25bfbd1fef0ad4fa25b1f72829a189fcbb98abb1c36d484fa21acfd8cf71efc58dcb869c424ad8aea8469d224f71a653bd7d14fb82561c815ac1e534c1a

Download Submit
C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\fre\Windows7\qdbusb.inf

Filesize
8KB

MD5
028f4b4eea445e57839a0511736cb887

SHA1
55074bcd41bc4b90b52f89d7fd20b35885b3ad95

SHA256
248c3c0a0a6b2f2a7f7438120906d29c8adbb9ee447dd47d7eb16a7c260f531d

SHA512
7faeaccfbd89cfed6bd00fab215e906673505bb64baff4760e7c5fbc385b23b85131d2769bacbaa5f3af3d4cf078ff7d9e61986b5421fb256d64f4726efa7690

Download Submit
C:\Program Files\Common Files\System\symsrv.dll

Filesize
67KB

MD5
7574cf2c64f35161ab1292e2f532aabf

SHA1
14ba3fa927a06224dfe587014299e834def4644f

SHA256
de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

SHA512
4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

Download Submit
C:\Program Files\Common Files\System\symsrv.dll.000

Filesize
175B

MD5
1130c911bf5db4b8f7cf9b6f4b457623

SHA1
48e734c4bc1a8b5399bff4954e54b268bde9d54c

SHA256
eba08cc8182f379392a97f542b350ea0dbbe5e4009472f35af20e3d857eafdf1

SHA512
94e2511ef2c53494c2aff0960266491ffc0e54e75185427d1ccedae27c286992c754ca94cbb0c9ea36e3f04cd4eb7f032c551cf2d4b309f292906303f1a75fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB5A4.tmp

Filesize
1.3MB

MD5
ca189a2b762e64d61303bfd4d88fd0a6

SHA1
13bf55664fb0345d3931458f75b6039c1213f46a

SHA256
dc5094ceb682772d95b427230bfb1af29df90ef67fe8afb08c43a0f2af3f880a

SHA512
31bb912f5c5f6cd6577f8529fcbbfc0bf4d0bda5e1904772c57cd942520db7dd1c10657e8695d16418a05763202af1034e4e47a7db8a8be618b9e330e8a544bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\QualcommWindowsDriverInstaller.msi

Filesize
20.7MB

MD5
cde633c7be2c8db52f0922f8a8e0c613

SHA1
a9bc8e3c20244d7057843ebb5ce6152f9ef1bd7f

SHA256
a7d18848d352986989170eaae01af8439b91b732544662c80c17bad8605353e5

SHA512
e32e7bf3c682f070bfae158d98565aa4285bb0154f6655469ad470289845182d757623ad55bd649c39a5c2cd9f8da15aa564d71103084d8fafb336921211009b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISBEW64.exe

Filesize
146KB

MD5
c3b2acc07bb0610405fc786e3432bef9

SHA1
333d5f2b55bd00ad4311ba104af7db984f953924

SHA256
9acc6cb5d01a4e4dbc92c8774c6999fab5f0e49f097e83098ba740842f5a2894

SHA512
2438e5dd11c8322101d9dc2d0f89ed0b1fc3cb5a65f644a1cf07f4c5a7f353c648e715fb910e09a444b623b3384eecd628e312608bcec63aa3b0107630df32bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\ISRT.dll

Filesize
260KB

MD5
a93f625ef42b54c2b0f4d38201e67606

SHA1
cbfebc1f736ccfc65562ede79a5ae1a8afb116a1

SHA256
e91a865c3d60d9d0bce5d5a0a2f551c5e032d5bc13bc40f85091ce46d38064e0

SHA512
805f0d535022de3d03aa191239fd90c54f2f6745bf02e0ce9cbe59ea34eecac7f9ebb600864c7cbcad5d011fa61bdb5b65889136617edc44178f87bd3970b198

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E9581AFA-85A4-4212-BD0E-D96E13CEED90}\_isres_0x0409.dll

Filesize
540KB

MD5
d6bbf7ff6984213c7f1f0f8f07c51e6a

SHA1
cfe933fc3b634f7333adec7ec124c14e9d19ac21

SHA256
6366e18a8cbf609c9573f341004e5c2725c23a12973affa90ee7bcc7934ae1b2

SHA512
a1364c96848f54b241c8e92ed1887ca599255c8046e31af11cd4b0b23d97c00243808dff9086a536c0084d6815223685283844a9e27f2c20c4d3b85a794a9e9d

Download Submit
C:\Windows\Installer\MSI4C76.tmp

Filesize
1.6MB

MD5
ab8d1cf0de0c1594c2093ccf0128e0b8

SHA1
ddba6dc5c69ba72c879fb15cc109503adb759fdc

SHA256
2f975e52b9e6a99dd3515f7b9bc30e89d39cb44e9fb1a8f3e43ab330df42f0a4

SHA512
0a01b500ef221777ffeeacccf47794d1d468bf86a24f53a6558cd21d244dfb614f552047352f8c5c01682322fceab21089bc2a8bef6ad502c81b347b8f8c1fb9

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
37KB

MD5
2099a144d5782b42ff20cad89329bad9

SHA1
84b972b423c2cd372caea63496718099b3a3d1b4

SHA256
42cb54434ddf827cfc621bc01f50dadfd794d94aad7ea1a0a84ab9b0727d4817

SHA512
04ddd866f26e7b276a10263f4417420d346c38371a7dfec5f4cd296035703a37ea69b21be3d5dd81b822b2789a5b658e964b75f57017ceee2cd5f16ae272dedb

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
37KB

MD5
885e924b4ba1f6ec9df8f70cd85105bd

SHA1
3497ed8c5165351ae604d95571b59573511850e9

SHA256
5ef833102f4729d8704ac1ad8c75d4685d72d8f11ad0b20c34d9f64b0533cfe6

SHA512
67b15ab2172f6da1b73871a663fc80ace647b64f009d0acd9eddfa7552d898c5c778c79720dc24669be63cb954ed7533c599316541e96678a8a02d4bcf5b49ff

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
37KB

MD5
232792d659297e7b5269c075bcfdae27

SHA1
5be156c549868fd55554aa8f3f232a30a2baf945

SHA256
56568082545ae1037550378751c3cc927a0ae8d56e4ec2b8779c6fa5603075bd

SHA512
26e8a8f1d6776e426fc0f2718a182c81dcebf2ebb63ef24e0b648da69abe891bdb4145075a1eadc164ff3c0f2dc2bd559464cb61aba2bf3886e1ce1b1a492057

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
37KB

MD5
cea19d39de95dc2d260a845d36e89ecb

SHA1
fb1fa127167bb2e658345efbac3d5b4eb576a8b0

SHA256
faf4d15403e148fbd21a62ae75eacba0a9ba707715be01d588a63f371aa3e8f0

SHA512
c163b41bc2ac8619bd816dac908d7cfa62b3c32ae1b7f571ea378d2370c04f17bb91b92864e800ea049c1af39dfb6951f58853d585e6acea00957ba9fa39d827

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
38KB

MD5
6ba2b4c7cceed0f8b02d568f671a809c

SHA1
b50783a95d0981dd30be6c843bfb855ce6334b8c

SHA256
1617b9a415734ae7ad2669acab0e2e5b3f77d0ec2dd96b15a15d062b051f0d5c

SHA512
06a616afd0a240f170db07c9ca9af60d74b2e199bdb69c912249d128851fd0a465ae28a137a8077417c0e756e7ee942826efc9c226a872cea815d74324bc0ae8

Download Submit
C:\Windows\System32\DriverStore\Temp\{3bc419e3-d90d-7543-bf66-6c9f22b3c56f}\ndis\6.2\amd64\qcusbwwan.sys

Filesize
504KB

MD5
4999657681bacef73fd6c5162a3bbfb5

SHA1
5d062c1acc28c4e3852043bbbdd87266f22dc478

SHA256
2d759dfd3a6623edd3b2f1634e6192815c25952094ae72cfbbd9ea46d25f7226

SHA512
637295c1c467316268268c2a2b529e0a0175c471807c6cddedf83ddfa2537554720bc53cbabf3864d58c0fb7cd41669805b842c0c58a06caf5d6243143ece290

Download Submit
C:\Windows\System32\DriverStore\Temp\{6a2a49cf-717e-9345-bf76-b5391c4ab520}\filter\amd64\SET5447.tmp

Filesize
39KB

MD5
45ef50b1446371ec2411e6ec6f6dabab

SHA1
d2e78f2eba854b57626e69fd9298cd390d76f544

SHA256
65b7baabfcb0788147b1a5bb03083008f6040f6c321b6a5e2892680c5eec9abd

SHA512
5f0377571bd44c83fbd64b8406fcfcf47aef3cd5308d664193d364f978e87c67aa00fd456cc8647ce06381e6c9c6c621a16b5708330776091ca3c6b130957b37

Download Submit
C:\Windows\System32\DriverStore\Temp\{8df4381b-84e7-5741-ac54-3724a22ad8cf}\SET62CE.tmp

Filesize
95KB

MD5
582be70e74fd908714af436aa546c119

SHA1
b8179d1f818322da5593d19646e646084ec846e7

SHA256
8c3208d04d1c5fe011659b97692a024df5a607f1a480072127bb0f47073aeffa

SHA512
dce438135be6786e57eda011b786596c751e3ab7bd15e5553ac7643f54d7014aff6d723c52732d306d70054c3a9980968e71fd14dd1480590290fe34f9134a17

Download Submit
C:\Windows\System32\DriverStore\Temp\{9191596c-bc20-da46-9da3-59ece6bf066a}\SET5EA6.tmp

Filesize
95KB

MD5
acdc05e308c96515b4b8eda582b1191a

SHA1
9ed26a48419a8435cb6982e6d1d86585213621ee

SHA256
550507c87bdd89d0619328529fefee2933736c85d239367c5e429e0d6febd07c

SHA512
1c7bbbc1144e66cc87977074f73bd6c86ba05ca21fadf7f8ac81088fca6776a20fb5d260c366006100adb766697f91e4f2cd4290d2662ec52b0db60dbff93963

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
37KB

MD5
20427777c567c78b40f4319150dc415b

SHA1
f0e02327b7aa2601a406a2baf947551560601034

SHA256
6b11a1b660b37d904114e4e6054f0083af2b8ac84b1b560537a4985b6ca4ab7a

SHA512
b7147d1456657720f8785067294a97b52b3eb0db1ed02e00568e12715ef4ae510e17c6e9c8aa544f3ded575240a87f7505b0f6126862b7f980bf550e073e5685

Download Submit
memory/432-11-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/432-9-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3116-203-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3116-200-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3692-81-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3692-64-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3692-93-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3692-498-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3692-13-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3732-77-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3732-497-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3732-94-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3732-52-0x0000000003BA0000-0x0000000003C29000-memory.dmp

Filesize
548KB

Download
memory/3732-45-0x0000000003A20000-0x0000000003AC7000-memory.dmp

Filesize
668KB

Download
memory/3732-46-0x0000000003A20000-0x0000000003AC7000-memory.dmp

Filesize
668KB

Download
memory/3732-27-0x0000000003440000-0x00000000035F5000-memory.dmp

Filesize
1.7MB

Download
memory/3732-22-0x0000000003440000-0x00000000035F5000-memory.dmp

Filesize
1.7MB

Download
memory/3732-18-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4396-205-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4396-495-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5076-85-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5076-4-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5076-63-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5076-78-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5076-92-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5076-499-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download