Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
#U8f6f#U4ef6#U5305#U5b89#U88c5.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Setup Program, Author: M, Keywords: Installer, Comments: Comment, Template: Intel;1033, Revision Number:
{BC9A93FF-6759-45EC-9BF9-01291458AF41}, Create Time/Date: Mon Sep 30 03:07:00 2024, Last Saved Time/Date: Mon Sep 30 03:07:00
2024, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722),
Security: 2
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Windows NT\Update.png
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI8940.tmp
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
modified
|
|
|
|
C:\Config.Msi\5086b0.rbs
|
data
|
dropped
|
||
|
C:\Program Files (x86)\Windows NT\7za.bin
|
data
|
dropped
|
||
|
C:\Program Files (x86)\Windows NT\bin.dat
|
data
|
dropped
|
||
|
C:\Program Files (x86)\Windows NT\locale.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
|
C:\Program Files (x86)\Windows NT\locale2.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
|
C:\Program Files (x86)\Windows NT\locale3.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
|
C:\Program Files (x86)\Windows NT\locale4.dat
|
7-zip archive data, version 0.3
|
dropped
|
||
|
C:\Windows\Installer\5086af.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Setup Program, Author: M, Keywords: Installer, Comments: Comment, Template: Intel;1033, Revision Number:
{BC9A93FF-6759-45EC-9BF9-01291458AF41}, Create Time/Date: Mon Sep 30 03:07:00 2024, Last Saved Time/Date: Mon Sep 30 03:07:00
2024, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722),
Security: 2
|
dropped
|
||
|
C:\Windows\Installer\5086b1.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Setup Program, Author: M, Keywords: Installer, Comments: Comment, Template: Intel;1033, Revision Number:
{BC9A93FF-6759-45EC-9BF9-01291458AF41}, Create Time/Date: Mon Sep 30 03:07:00 2024, Last Saved Time/Date: Mon Sep 30 03:07:00
2024, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722),
Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSI87D8.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF110252C8EACB032B.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF187D175EE7F0CC02.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF271BABB457CDB72B.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF8B8F87368AFA308D.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF9FB0A2442B555886.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFA16E0D081F45B769.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFC2694982D725A76C.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFE0B391DE665C8F14.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFE1653ECFCDE358F2.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFE50BB96FA2A42E7C.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFE52718B162A367C3.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFF81FC4BDDE620274.TMP
|
data
|
dropped
|
There are 18 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\#U8f6f#U4ef6#U5305#U5b89#U88c5.msi"
|
|
|
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
|
|
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\System32\MsiExec.exe -Embedding 7BDA3736EA8AC5FE14FD6ABBE0BEDB9F E Global\MSI0000
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5086b0.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5086b0.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ABB06521D21D113428DCA45BDA71434C
|
765D6DA3F1D34AC4BAA27DB2C32341A5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
SystemComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
SystemComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\ABCBA521D21C113428DCA45BEA7C434C
|
765D6DA3F1D34AC4BAA27DB2C32341A5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AD6D567-3D1F-4CA4-AB2A-D72B3C32145A}
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\765D6DA3F1D34AC4BAA27DB2C32341A5
|
ProductFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\Features
|
ProductFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\Patches
|
AllPatches
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\765D6DA3F1D34AC4BAA27DB2C32341A5
|
ProductName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\765D6DA3F1D34AC4BAA27DB2C32341A5
|
PackageCode
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\765D6DA3F1D34AC4BAA27DB2C32341A5
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\765D6DA3F1D34AC4BAA27DB2C32341A5
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\765D6DA3F1D34AC4BAA27DB2C32341A5
|
Assignment
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\765D6DA3F1D34AC4BAA27DB2C32341A5
|
AdvertiseFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\765D6DA3F1D34AC4BAA27DB2C32341A5
|
InstanceType
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\765D6DA3F1D34AC4BAA27DB2C32341A5
|
AuthorizedLUAApp
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\765D6DA3F1D34AC4BAA27DB2C32341A5
|
DeploymentFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\ABCBA521D21C113428DCA45BEA7C434C
|
765D6DA3F1D34AC4BAA27DB2C32341A5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\SourceList
|
PackageName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\SourceList\Net
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\SourceList\Media
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\765D6DA3F1D34AC4BAA27DB2C32341A5
|
Clients
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\765D6DA3F1D34AC4BAA27DB2C32341A5\SourceList
|
LastUsedSource
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
|
StringCacheGeneration
|
There are 66 hidden registries, click here to show them.