Windows Analysis Report
Adobe-Setup.msi

Overview

General Information

Sample name: Adobe-Setup.msi
Analysis ID: 1528310
MD5: efef047506a403740c439b2f071e3901
SHA1: a938f60b6f5b645d81e6a5f41fdf16f9610db8e6
SHA256: c25b566d99d55fe5cb1a19290748dac70845663fe0f8bf78f741fe4440055551
Tags: msi, PlugX, user-smica83

Detection

Korplug
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Korplug
AI detected suspicious sample
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Found API chain indicative of debugger detection
Found evasive API chain (may stop execution after checking mutex)
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Adds / modifies Windows certificates
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to get notified if a device is plugged in / out
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Stores large binary data to the registry
Uses code obfuscation techniques (call, push, ret)

Classification

Name: PlugX, Korplug
Description: RSA describes PlugX as a RAT (Remote Access Trojan) malware family that has been around since 2008 and is used as a backdoor to fully control the victim's machine. Once the device is infected, an attacker can remotely execute several kinds of commands on the affected system. Notable features of this malware family are the ability to execute commands on the affected machine to:
  • retrieve machine information
  • capture the screen
  • send keyboard and mouse events
  • keylogging
  • reboot the system
  • manage processes (create, kill and enumerate)
  • manage services (create, start, stop, etc.); and
  • manage Windows registry entries, open a shell, etc.
The malware also logs its events in a text log file.
Attribution:
  • APT 22
  • APT 26
  • APT31
  • APT41
  • Aurora Panda
  • Calypso group
  • DragonOK
  • EMISSARY PANDA
  • Hellsing
  • Hurricane Panda
  • Leviathan
  • Mirage
  • Mustang Panda
  • NetTraveler
  • Nightshade Panda
  • SLIME29
  • Samurai Panda
  • Stone Panda
  • UPS
  • Violin Panda
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.plugx

AV Detection

Source: C:\ProgramData\SecurityScan\hid.dll Avira: detection malicious, Label: TR/PlugX.leqhk
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\hid.dll Avira: detection malicious, Label: TR/PlugX.leqhk
Source: C:\ProgramData\SecurityScan\hid.dll ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\hid.dll ReversingLabs: Detection: 54%
Source: Adobe-Setup.msi ReversingLabs: Detection: 36%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.5% probability
Source: Binary string: E:\BuildAgent\work\7589b5263c32e1c1\Source\Release\LDeviceDetectionHelper.pdb source: LDeviceDetectionHelper.exe, 00000002.00000000.1710310825.00000000009A9000.00000002.00000001.01000000.00000003.sdmp, LDeviceDetectionHelper.exe, 00000002.00000002.1783117717.00000000009A9000.00000002.00000001.01000000.00000003.sdmp, LDeviceDetectionHelper.exe, 00000003.00000000.1782419647.0000000000D59000.00000002.00000001.01000000.00000006.sdmp, LDeviceDetectionHelper.exe, 00000003.00000002.4168075838.0000000000D59000.00000002.00000001.01000000.00000006.sdmp, LDeviceDetectionHelper.exe, 00000005.00000000.1849627206.0000000000D59000.00000002.00000001.01000000.00000006.sdmp, LDeviceDetectionHelper.exe, 00000005.00000002.1895457738.0000000000D59000.00000002.00000001.01000000.00000006.sdmp, LDeviceDetectionHelper.exe, 00000008.00000000.1930888327.0000000000D59000.00000002.00000001.01000000.00000006.sdmp, LDeviceDetectionHelper.exe, 00000008.00000002.1971121159.0000000000D59000.00000002.00000001.01000000.00000006.sdmp, LDeviceDetectionHelper.exe.1.dr, LDeviceDetectionHelper.exe.2.dr
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\System32\msiexec.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0094E580 RegisterClassW,CreateWindowExW,GetLastError,std::exception::exception,__CxxThrowException@8,ShowWindow,RegisterDeviceNotificationW,GetLastError,GetMessageW,GetMessageW,TranslateMessage,DispatchMessageW,GetMessageW, 2_2_0094E580
Source: unknown TCP traffic detected without corresponding DNS query: 103.238.227.183
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, Adobe-Setup.msi, 3d4fbf.msi.1.dr, hid.dll.2.dr, 3d4fbd.msi.1.dr, hid.dll.1.dr String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, Adobe-Setup.msi, 3d4fbf.msi.1.dr, hid.dll.2.dr, 3d4fbd.msi.1.dr, hid.dll.1.dr String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, Adobe-Setup.msi, 3d4fbf.msi.1.dr, hid.dll.2.dr, 3d4fbd.msi.1.dr, hid.dll.1.dr String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, Adobe-Setup.msi, 3d4fbf.msi.1.dr, hid.dll.2.dr, 3d4fbd.msi.1.dr, hid.dll.1.dr String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000ED7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe.1.dr, LDeviceDetectionHelper.exe.2.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, Adobe-Setup.msi, 3d4fbf.msi.1.dr, hid.dll.2.dr, 3d4fbd.msi.1.dr, hid.dll.1.dr String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, Adobe-Setup.msi, 3d4fbf.msi.1.dr, hid.dll.2.dr, 3d4fbd.msi.1.dr, hid.dll.1.dr String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3957722486.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3574543625.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4059410990.00000000014AB000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4050415638.00000000014AB000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3658521789.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2757694461.0000000001489000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2986136118.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3581608918.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3481669146.00000000014B1000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3853215190.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3959353874.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3970620025.00000000014AA000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4158200503.00000000014AB000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3369795657.00000000014AF000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3757723729.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3768895735.00000000014AA000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4148705517.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3147646947.000000000148A000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3658452703.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3670670517.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000002.4169746874.00000000014B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/
Source: LDeviceDetectionHelper.exe, 00000003.00000003.4059410990.00000000014AB000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4050415638.00000000014AB000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3970620025.00000000014AA000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4148705517.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4059478971.00000000014AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/0
Source: LDeviceDetectionHelper.exe, 00000003.00000003.4059410990.00000000014AB000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4050415638.00000000014AB000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3970620025.00000000014AA000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4148705517.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4059478971.00000000014AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/9
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3369795657.00000000014AF000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3369774109.00000000014AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/=
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3670670517.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3670104886.00000000014AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/K
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2757694461.0000000001489000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3369795657.00000000014AF000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3369774109.00000000014AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/P
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3147646947.000000000148A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/Y
Source: LDeviceDetectionHelper.exe, 00000003.00000003.4059410990.00000000014AB000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4050415638.00000000014AB000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3970620025.00000000014AA000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4148705517.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4059478971.00000000014AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/c
Source: LDeviceDetectionHelper.exe, 00000003.00000002.4169171667.0000000001438000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/e
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2757694461.0000000001489000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3147646947.000000000148A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/g
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3369795657.00000000014AF000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3369774109.00000000014AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/l
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3189630486.0000000009E13000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msd
Source: LDeviceDetectionHelper.exe, 00000003.00000003.4158200503.00000000014AB000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000002.4169746874.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4158280457.00000000014AF000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3387373806.00000000014AA000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3387400315.00000000014AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownl
Source: LDeviceDetectionHelper.exe, 00000003.00000002.4169171667.0000000001438000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3093462675.0000000009E08000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/aut
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2702672678.000000000998B000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3286733273.000000000998F000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2703218650.000000000998F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrooigE
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2794778012.000000000995C000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3574469532.0000000001489000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.3.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: LDeviceDetectionHelper.exe, 00000003.00000003.1861998702.00000000014C0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2757694461.0000000001489000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3189678889.00000000014BE000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3147748516.00000000014BE000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3147646947.000000000148A000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.1862828375.00000000014C0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.1861616322.00000000014BD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab$b
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3369668887.00000000014BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab$bL
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2889340226.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2976401281.000000000998D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab1
Source: LDeviceDetectionHelper.exe, 00000003.00000003.4158200503.0000000001489000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000002.4169171667.0000000001461000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000002.4169680229.000000000148A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0086b90dcfc22
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2757694461.0000000001489000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?16098aafced73
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2757694461.0000000001489000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2606387699.0000000009989000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2606464931.000000000998F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?236454ae6409e
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3447878140.000000000148A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?77317a1c89729
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3147646947.000000000148A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?85a20ca57e756
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3826281111.000000000148A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?899fac7b36f9a
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3562358540.000000000148A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?96c6009ad16b2
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3826281111.000000000148A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?9e65a423b999e
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3147646947.000000000148A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b009a331b2090
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3574469532.0000000001489000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b20e8ce04136e
Source: LDeviceDetectionHelper.exe, 00000003.00000003.4050415638.000000000148A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?ce1171f543746
Source: LDeviceDetectionHelper.exe, 00000003.00000002.4169680229.000000000148A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?ece842189c134
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3147646947.000000000148A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f886fafa07530
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3959420839.0000000001497000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?fa031dd4017c3
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3275627022.0000000009A2E000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3369395828.0000000009A2E000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3189426863.00000000099D0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3189571270.0000000009A2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?fe827779c7521
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3369634539.0000000009991000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3286733273.000000000998F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabH
Source: LDeviceDetectionHelper.exe, 00000003.00000003.4157927729.000000000995D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4059505757.0000000009931000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4051601161.000000000998B000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4051786281.0000000009931000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4148938117.000000000995D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3959268993.000000000998A000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3959380791.000000000998C000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4050639002.0000000009931000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4149469891.000000000995D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000002.4174911278.000000000998A000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3969710295.000000000995D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabK
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3670296252.000000000998B000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3669187953.0000000009931000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabM
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3863869922.000000000998C000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3863600547.0000000009931000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabW
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3470251787.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3562823680.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3147694135.000000000998F000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3658098176.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3825709171.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3147393226.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3957364072.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3863869922.000000000998C000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3574272224.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3093579934.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3481476700.000000000998B000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3470897894.0000000009990000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3175736218.0000000009991000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3670296252.000000000998B000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3756898630.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3387151467.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3093413909.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3669187953.0000000009931000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3863600547.0000000009931000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3376841898.0000000009991000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3767111135.000000000995E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabZ
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3147646947.000000000148A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/u
Source: LDeviceDetectionHelper.exe, 00000003.00000002.4169746874.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4158149583.00000000014D7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0086b90dcf
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2703090408.00000000014D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?16098aafce
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2606367351.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2703090408.00000000014D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?236454ae64
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3387426657.00000000014D7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?77317a1c89
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2976574939.00000000014D5000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2976497937.00000000014D3000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2889742100.00000000014D1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?85a20ca57e
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3756952025.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3669955034.00000000014CD000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3756857328.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3757123606.00000000014D4000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3757701783.00000000014D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?899fac7b36
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3481992205.00000000014D4000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3481669146.00000000014B1000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3481928245.00000000014D1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?96c6009ad1
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3768536052.00000000014D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?9e65a423b9
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3147622401.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3093536683.00000000014D7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b009a331b2
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3574543625.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3574617934.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3574650189.00000000014D4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b20e8ce041
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3369600537.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3387426657.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3369735742.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3377207535.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3286685370.00000000014D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b92c29a6d3
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2976574939.00000000014D5000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2986330919.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2877736466.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2976497937.00000000014D3000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2795451779.00000000014D8000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2889742100.00000000014D1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c635d253bb
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3970442752.00000000014D7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?ce1171f543
Source: LDeviceDetectionHelper.exe, 00000003.00000003.4158149583.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4059354172.00000000014D7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?ece842189c
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3084946134.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2986330919.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3082176742.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3082977370.00000000014D6000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3093536683.00000000014D7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f886fafa07
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3863784215.00000000014CD000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3863940073.00000000014DA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?fa031dd401
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3189552451.00000000014D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?fe827779c7
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, Adobe-Setup.msi, 3d4fbf.msi.1.dr, hid.dll.2.dr, 3d4fbd.msi.1.dr, hid.dll.1.dr String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, Adobe-Setup.msi, 3d4fbf.msi.1.dr, hid.dll.2.dr, 3d4fbd.msi.1.dr, hid.dll.1.dr String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, Adobe-Setup.msi, 3d4fbf.msi.1.dr, hid.dll.2.dr, 3d4fbd.msi.1.dr, hid.dll.1.dr String found in binary or memory: http://ocsp.sectigo.com0
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000ED7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe.1.dr, LDeviceDetectionHelper.exe.2.dr String found in binary or memory: http://ocsp.thawte.com0
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, Adobe-Setup.msi, 3d4fbf.msi.1.dr, hid.dll.2.dr, 3d4fbd.msi.1.dr, hid.dll.1.dr String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, Adobe-Setup.msi, 3d4fbf.msi.1.dr, hid.dll.2.dr, 3d4fbd.msi.1.dr, hid.dll.1.dr String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000ED7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe.1.dr, LDeviceDetectionHelper.exe.2.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000ED7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe.1.dr, LDeviceDetectionHelper.exe.2.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000ED7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe.1.dr, LDeviceDetectionHelper.exe.2.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3957752061.0000000009990000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000002.4174911278.000000000998A000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3286733273.000000000998F000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3189506832.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3563831199.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2785120188.000000000998C000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3481006442.0000000009931000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3969710295.000000000995D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2794778012.000000000995C000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3369774109.00000000014AA000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3574469532.0000000001489000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183/
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2594544348.0000000009991000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2510705212.0000000009991000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183/1
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3957722486.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3957559957.00000000014AC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183/J
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3189587862.000000000998F000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3175736218.0000000009991000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4059505757.0000000009931000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4051601161.000000000998B000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4051786281.0000000009931000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3447878140.000000000148A000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4148938117.000000000995D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3369634539.0000000009991000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4050639002.0000000009931000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4149469891.000000000995D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3286733273.000000000998F000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3189506832.000000000998D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183/L
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2757694461.0000000001489000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3481669146.0000000001489000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3562358540.000000000148A000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3147646947.000000000148A000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3447878140.000000000148A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183/M
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2692901453.0000000009991000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2606387699.0000000009989000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2784703450.000000000998C000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2702672678.000000000998B000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2692277352.0000000009991000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2757825988.0000000009991000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2594544348.0000000009991000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2606464931.000000000998F000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2510705212.0000000009991000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2703218650.000000000998F000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2785120188.000000000998C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183/Q
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2692901453.0000000009991000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2784703450.000000000998C000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2702672678.000000000998B000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2692277352.0000000009991000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2879656930.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2757825988.0000000009991000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2795635041.000000000998B000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2795950854.000000000998F000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2878216156.000000000998D000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2703218650.000000000998F000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2785120188.000000000998C000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2794778012.000000000995C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183/Z
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3957722486.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3957559957.00000000014AC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183/a
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3957722486.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4059410990.00000000014AB000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4050415638.00000000014AB000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3959353874.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3970620025.00000000014AA000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4148705517.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3369668887.00000000014BE000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3957559957.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4059478971.00000000014AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183/nc.
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3957722486.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3957559957.00000000014AC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183/nc.Y
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3369668887.00000000014BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183/nc.q
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3189678889.00000000014BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183/vo0?
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3369668887.00000000014BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183/vop8
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3574543625.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2785101047.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2606367351.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3481992205.00000000014D4000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3147622401.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2976574939.00000000014D5000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3826026103.00000000014D5000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3658962762.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3581322995.00000000014D5000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000002.4169746874.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3369600537.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3084946134.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3481669146.00000000014B1000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2510851709.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2986330919.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3082176742.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3387426657.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3574617934.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3082977370.00000000014D6000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3470850626.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3854655550.00000000014D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183:443/
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2606367351.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2510851709.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2594895649.00000000014DC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183:443/K
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2785101047.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2877736466.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2795451779.00000000014D8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183:443/L
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2510851709.00000000014DC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183:443/P
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2606367351.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2510851709.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.2594895649.00000000014DC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183:443/X
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3854655550.00000000014D5000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3853148549.00000000014D5000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4050132424.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3970442752.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3863784215.00000000014CD000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3863940073.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4059354172.00000000014D7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183:443/c
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2510851709.00000000014DC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183:443/h
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3574543625.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3481992205.00000000014D4000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3369600537.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3481669146.00000000014B1000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3387426657.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3574617934.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3470850626.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3369735742.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3377207535.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3562456061.00000000014D5000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3447800830.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3574650189.00000000014D4000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3481928245.00000000014D1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183:443/k
Source: LDeviceDetectionHelper.exe, 00000003.00000003.3275593678.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3286685370.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3189552451.00000000014D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://103.238.227.183:443/m:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b009a331b20
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, Adobe-Setup.msi, 3d4fbf.msi.1.dr, hid.dll.2.dr, 3d4fbd.msi.1.dr, hid.dll.1.dr String found in binary or memory: https://sectigo.com/CPS0
Source: LDeviceDetectionHelper.exe, 00000002.00000003.1751800677.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, Adobe-Setup.msi, 3d4fbf.msi.1.dr, hid.dll.2.dr, 3d4fbd.msi.1.dr, hid.dll.1.dr String found in binary or memory: https://www.globalsign.com/repository/0
Source: unknown Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49924
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_10012799 CreateThread,CreateThread,NtdllDefWindowProc_W, 2_2_10012799
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_10011D5C memmove,memmove,Sleep,GetFileSize,ReadFile,ReadFile,Sleep,Sleep,memmove,memmove,Sleep,Sleep,NtAllocateVirtualMemory,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,memmove,memmove,Sleep,EnumSystemGeoID,EnumSystemGeoID, 2_2_10011D5C
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3d4fbd.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{F4D6B0DD-2932-436A-82C5-1296767ABB90}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI50D6.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3d4fbf.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3d4fbf.msi
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\3d4fbf.msi
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0095E720 2_2_0095E720
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0097B032 2_2_0097B032
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00978092 2_2_00978092
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00986122 2_2_00986122
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00972168 2_2_00972168
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_009022A0 2_2_009022A0
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00974390 2_2_00974390
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_009383E0 2_2_009383E0
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0099C50D 2_2_0099C50D
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0097265C 2_2_0097265C
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00972A74 2_2_00972A74
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0099CA7D 2_2_0099CA7D
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0095ECA0 2_2_0095ECA0
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00972EA9 2_2_00972EA9
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0099EEC1 2_2_0099EEC1
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0099CFED 2_2_0099CFED
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_009732DE 2_2_009732DE
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0096D2C0 2_2_0096D2C0
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0096B226 2_2_0096B226
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00983361 2_2_00983361
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0095B4B0 2_2_0095B4B0
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0090D6B0 2_2_0090D6B0
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0099D769 2_2_0099D769
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00987802 2_2_00987802
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CE4264 2_2_02CE4264
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CB6040 2_2_02CB6040
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02C98004 2_2_02C98004
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CC4190 2_2_02CC4190
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CD810A 2_2_02CD810A
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CA66FC 2_2_02CA66FC
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02C9A438 2_2_02C9A438
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CD4582 2_2_02CD4582
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02C9AA30 2_2_02C9AA30
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CA2BD8 2_2_02CA2BD8
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CCC8C2 2_2_02CCC8C2
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CD080A 2_2_02CD080A
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02C90800 2_2_02C90800
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CA492A 2_2_02CA492A
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02C96F82 2_2_02C96F82
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02C94FBE 2_2_02C94FBE
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CE0CB2 2_2_02CE0CB2
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CC4C26 2_2_02CC4C26
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CAADFC 2_2_02CAADFC
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CA92C8 2_2_02CA92C8
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CD92CE 2_2_02CD92CE
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02C9F2DA 2_2_02C9F2DA
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CA51A0 2_2_02CA51A0
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CED69A 2_2_02CED69A
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02C95628 2_2_02C95628
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CC7451 2_2_02CC7451
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CD3468 2_2_02CD3468
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CC75C4 2_2_02CC75C4
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CD554A 2_2_02CD554A
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02C9B502 2_2_02C9B502
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CCDACE 2_2_02CCDACE
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02C9FA5C 2_2_02C9FA5C
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CA5A2E 2_2_02CA5A2E
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02C97B5E 2_2_02C97B5E
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02C99B0A 2_2_02C99B0A
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CD190A 2_2_02CD190A
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CD7902 2_2_02CD7902
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CB7E9C 2_2_02CB7E9C
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02C9FEB6 2_2_02C9FEB6
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02D15FC4 2_2_02D15FC4
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CC5C0A 2_2_02CC5C0A
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02C9BD7A 2_2_02C9BD7A
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02D21D21 2_2_02D21D21
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_04DD1400 2_2_04DD1400
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_04E2E29A 2_2_04E2E29A
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_04DE2C1C 2_2_04DE2C1C
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_04DD8C04 2_2_04DD8C04
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_04E04D90 2_2_04E04D90
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_04DE5DA0 2_2_04DE5DA0
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_04E18502 2_2_04E18502
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_04DE552A 2_2_04DE552A
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_04DDFEDA 2_2_04DDFEDA
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_04DE9EC8 2_2_04DE9EC8
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_04E0E6CE 2_2_04E0E6CE
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D0E720 3_2_00D0E720
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D2B032 3_2_00D2B032
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D28092 3_2_00D28092
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D22168 3_2_00D22168
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D36122 3_2_00D36122
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00CB22A0 3_2_00CB22A0
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00CE83E0 3_2_00CE83E0
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D24390 3_2_00D24390
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D4C50D 3_2_00D4C50D
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D2265C 3_2_00D2265C
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D22A74 3_2_00D22A74
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D4CA7D 3_2_00D4CA7D
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D0ECA0 3_2_00D0ECA0
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D4EEC1 3_2_00D4EEC1
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D22EA9 3_2_00D22EA9
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D4CFED 3_2_00D4CFED
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D232DE 3_2_00D232DE
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D1D2C0 3_2_00D1D2C0
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D1B226 3_2_00D1B226
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D33361 3_2_00D33361
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D0B4B0 3_2_00D0B4B0
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00CBD6B0 3_2_00CBD6B0
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D4D769 3_2_00D4D769
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D37802 3_2_00D37802
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_053D1400 3_2_053D1400
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05374582 3_2_05374582
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_0533A438 3_2_0533A438
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_053466FC 3_2_053466FC
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_0537810A 3_2_0537810A
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05364190 3_2_05364190
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05338004 3_2_05338004
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05356040 3_2_05356040
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05384264 3_2_05384264
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_0534ADFC 3_2_0534ADFC
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05364C26 3_2_05364C26
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05380CB2 3_2_05380CB2
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05334FBE 3_2_05334FBE
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05336F82 3_2_05336F82
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_0534492A 3_2_0534492A
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05330800 3_2_05330800
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_0537080A 3_2_0537080A
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_0536C8C2 3_2_0536C8C2
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05342BD8 3_2_05342BD8
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_0533AA30 3_2_0533AA30
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_0533B502 3_2_0533B502
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_0537554A 3_2_0537554A
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_053675C4 3_2_053675C4
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05373468 3_2_05373468
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05367451 3_2_05367451
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05335628 3_2_05335628
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_0538D69A 3_2_0538D69A
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_053451A0 3_2_053451A0
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_0533F2DA 3_2_0533F2DA
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_053792CE 3_2_053792CE
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_053492C8 3_2_053492C8
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_053C1D21 3_2_053C1D21
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_0533BD7A 3_2_0533BD7A
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05365C0A 3_2_05365C0A
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_053B5FC4 3_2_053B5FC4
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_0533FEB6 3_2_0533FEB6
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05357E9C 3_2_05357E9C
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05377902 3_2_05377902
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_0537190A 3_2_0537190A
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05339B0A 3_2_05339B0A
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05337B5E 3_2_05337B5E
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_053D5BBE 3_2_053D5BBE
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_05345A2E 3_2_05345A2E
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_0533FA5C 3_2_0533FA5C
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_0536DACE 3_2_0536DACE
Source: Joe Sandbox View Dropped File: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe 282FC12E4F36B6E2558F5DD33320385F41E72D3A90D0D3777A31EF1BA40722D6
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe 282FC12E4F36B6E2558F5DD33320385F41E72D3A90D0D3777A31EF1BA40722D6
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: String function: 00CA1F70 appears 50 times
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: String function: 00D24330 appears 56 times
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: String function: 00CD5530 appears 787 times
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: String function: 00CA2130 appears 69 times
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: String function: 00D19369 appears 55 times
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: String function: 00D1DAC9 appears 87 times
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: String function: 008F2130 appears 69 times
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: String function: 00925530 appears 807 times
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: String function: 00969369 appears 55 times
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: String function: 00974330 appears 56 times
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: String function: 008F1F70 appears 50 times
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: String function: 0096DAC9 appears 89 times
Source: classification engine Classification label: mal92.troj.evad.winMSI@8/27@0/2
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Microsoft\CML5115.tmp
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Mutant created: \Sessions\1\BaseNamedObjects\DdVeGEFDt
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DFA0D73703F2E63F02.TMP
Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: Adobe-Setup.msi Static file information: TRID: Microsoft Windows Installer (60509/1) 88.31%
Source: Adobe-Setup.msi ReversingLabs: Detection: 36%
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Adobe-Setup.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Process created: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe 979 576
Source: unknown Process created: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe "C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe" 890 904
Source: unknown Process created: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe "C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe" 890 904
Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Process created: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe 979 576
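The process-creation lines above form the chain msiexec.exe, then LDeviceDetectionHelper.exe in a random directory under %LOCALAPPDATA%, then a second copy under C:\ProgramData\SecurityScan started with numeric arguments; the "Dropped File" lines earlier show the same SHA-256 for both copies, and the ProgramData copy creates the mutex DdVeGEFDt. As an added example that is not Joe Sandbox code, the script below rebuilds that chain from report lines in this format, flags an installer process launching a binary from a user-writable directory, and collects the paths, mutex and hash as indicators. The seven sample lines are copied from this report; the USER_WRITABLE_PREFIXES list is an assumption about the target environment, not something the report states.

```python
"""Process chain and indicator extraction from Joe Sandbox style report lines.

Added example for this report; it is not Joe Sandbox code.
"""
import ntpath
import re
from collections import defaultdict

# Constructed input: seven lines copied from this report.
SAMPLE_REPORT = [
    r"Source: Joe Sandbox View Dropped File: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe 282FC12E4F36B6E2558F5DD33320385F41E72D3A90D0D3777A31EF1BA40722D6",
    r"Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe 282FC12E4F36B6E2558F5DD33320385F41E72D3A90D0D3777A31EF1BA40722D6",
    r"Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Mutant created: \Sessions\1\BaseNamedObjects\DdVeGEFDt",
    r'Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Adobe-Setup.msi"',
    r"Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe",
    r"Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Process created: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe 979 576",
    r'Source: unknown Process created: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe "C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe" 890 904',
]

PROC_RE = re.compile(r"^Source: (.*?) Process created: (\S+) (.*)$")
MUTEX_RE = re.compile(r"Mutant created: (\S+)$")
DROP_RE = re.compile(r"Dropped File: (\S+) ([0-9A-Fa-f]{64})$")

# Assumption: directories an unprivileged user can write to. An installer
# running as msiexec.exe has no reason to launch helpers from here.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")


def is_user_writable(path):
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def parse_report(lines):
    """Split report lines into process edges, mutex names and dropped-file hashes."""
    edges = defaultdict(list)      # parent image -> [(child image, command line)]
    mutexes = []
    drops = defaultdict(set)       # sha256 -> {paths it was seen at}
    for line in lines:
        if m := PROC_RE.match(line):
            edges[m.group(1)].append((m.group(2), m.group(3)))
        elif m := MUTEX_RE.search(line):
            mutexes.append(m.group(1))
        elif m := DROP_RE.search(line):
            drops[m.group(2).upper()].add(m.group(1))
    return edges, mutexes, drops


def descendants(edges, image, seen=None):
    """Images reachable from `image` through Process created edges, each listed once."""
    if seen is None:
        seen = set()
    out = []
    for child, _ in edges.get(image, []):
        if child not in seen:
            seen.add(child)
            out.append(child)
            out.extend(descendants(edges, child, seen))
    return out


def installer_launch_findings(edges):
    """msiexec.exe starting a binary from a user-writable path, with the chain below it."""
    findings = []
    for parent, children in edges.items():
        if ntpath.basename(parent).lower() != "msiexec.exe":
            continue
        for child, cmdline in children:
            if is_user_writable(child):
                findings.append({
                    "chain": [parent, child] + descendants(edges, child),
                    "cmdline": cmdline,
                })
    return findings


def staged_copies(drops):
    """Hashes dropped under more than one path: one binary staged in two places."""
    return {h: sorted(paths) for h, paths in drops.items() if len(paths) > 1}


def iocs(lines):
    """Indicators worth blocking or hunting for, plus the flagged launch chains."""
    edges, mutexes, drops = parse_report(lines)
    images = {img for children in edges.values() for img, _ in children}
    return {
        "images": sorted(p for p in images if is_user_writable(p)),
        "mutexes": mutexes,
        "sha256": sorted(drops),
        "staged_copies": staged_copies(drops),
        "installer_launches": installer_launch_findings(edges),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(iocs(SAMPLE_REPORT), indent=2))
```

On the sample lines the script yields one flagged chain of three images, one hash seen under two paths, and the mutex name; the command line of the flagged launch is kept so the numeric arguments (979 576) can be matched in process-creation telemetry. The "Source: unknown" parent on the "890 904" launch means the report could not attribute that process to a parent, so it appears only as an image, not as part of the chain.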
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msihnd.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Section loaded: hid.dll
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Section loaded: winhttp.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: apphelp.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: uxtheme.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: textshaping.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: hid.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: kernel.appcore.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: textinputframework.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: coreuicomponents.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: coremessaging.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: ntmarta.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: wintypes.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: wintypes.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: wintypes.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: version.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: winhttp.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: webio.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: mswsock.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: iphlpapi.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: winnsi.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: sspicli.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: schannel.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: mskeyprotect.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: ntasn1.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: ncrypt.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: ncryptsslp.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: msasn1.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: cryptsp.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: rsaenh.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: cryptbase.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: gpapi.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: cryptnet.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: dhcpcsvc6.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: dhcpcsvc.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: profapi.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: dnsapi.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: rasadhlp.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: fwpuclnt.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: cabinet.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: dpapi.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: napinsp.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: pnrpnsp.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: wshbth.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: nlaapi.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: winrnr.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: uxtheme.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: textshaping.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: hid.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: kernel.appcore.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: textinputframework.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: coreuicomponents.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: coremessaging.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: ntmarta.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: coremessaging.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: wintypes.dll
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: version.dll Jump to behavior
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: hid.dll Jump to behavior
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: version.dll Jump to behavior
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Section loaded: winhttp.dll Jump to behavior
Source: Adobe-Setup.msi Static file information: File size 1114112 > 1048576
Source: Binary string: E:\BuildAgent\work\7589b5263c32e1c1\Source\Release\LDeviceDetectionHelper.pdb source: LDeviceDetectionHelper.exe, 00000002.00000000.1710310825.00000000009A9000.00000002.00000001.01000000.00000003.sdmp, LDeviceDetectionHelper.exe, 00000002.00000002.1783117717.00000000009A9000.00000002.00000001.01000000.00000003.sdmp, LDeviceDetectionHelper.exe, 00000003.00000000.1782419647.0000000000D59000.00000002.00000001.01000000.00000006.sdmp, LDeviceDetectionHelper.exe, 00000003.00000002.4168075838.0000000000D59000.00000002.00000001.01000000.00000006.sdmp, LDeviceDetectionHelper.exe, 00000005.00000000.1849627206.0000000000D59000.00000002.00000001.01000000.00000006.sdmp, LDeviceDetectionHelper.exe, 00000005.00000002.1895457738.0000000000D59000.00000002.00000001.01000000.00000006.sdmp, LDeviceDetectionHelper.exe, 00000008.00000000.1930888327.0000000000D59000.00000002.00000001.01000000.00000006.sdmp, LDeviceDetectionHelper.exe, 00000008.00000002.1971121159.0000000000D59000.00000002.00000001.01000000.00000006.sdmp, LDeviceDetectionHelper.exe.1.dr, LDeviceDetectionHelper.exe.2.dr
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0098E6AF LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 2_2_0098E6AF
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00974375 push ecx; ret 2_2_00974388
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00976AEA push edi; ret 2_2_00976AEC
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00976C03 push esi; ret 2_2_00976C05
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00976DDE push esi; ret 2_2_00976DE0
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00976EC7 push edi; ret 2_2_00976EC9
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00977757 push esi; ret 2_2_00977767
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0097798B push edi; ret 2_2_0097798D
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0096DAA6 push ecx; ret 2_2_0096DAB9
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00977A29 push edi; ret 2_2_00977A2B
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02CB41A2 push eax; ret 2_2_02CB41A3
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_04DF4DA2 push eax; ret 2_2_04DF4DA3
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D24375 push ecx; ret 3_2_00D24388
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D26AEA push edi; ret 3_2_00D26AEC
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D26C03 push esi; ret 3_2_00D26C05
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D26DDE push esi; ret 3_2_00D26DE0
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D26EC7 push edi; ret 3_2_00D26EC9
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D27757 push esi; ret 3_2_00D27767
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D2798B push edi; ret 3_2_00D2798D
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D1DAA6 push ecx; ret 3_2_00D1DAB9
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D27A29 push edi; ret 3_2_00D27A2B
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_053541A2 push eax; ret 3_2_053541A3
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe File created: C:\ProgramData\SecurityScan\hid.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\gVCgHiMSMMBE\hid.dll
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe File created: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SetPoint Update

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Memory written: PID: 7524 base: 74DF1720 value: E9 14 FA FD 8F
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Memory written: PID: 7608 base: 74DF1720 value: E9 14 FA 5D 90
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Memory written: PID: 7792 base: 74DF1720 value: E9 14 FA 78 90
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Memory written: PID: 7992 base: 74DF1720 value: E9 14 FA 7C 90
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0095ECA0 LoadLibraryW,GetLastError,std::exception::exception,__CxxThrowException@8,GetProcAddress,GetLastError,std::exception::exception,__CxxThrowException@8,GetProcAddress,GetLastError,std::exception::exception,__CxxThrowException@8,GetProcAddress,GetLastError,std::exception::exception,__CxxThrowException@8,GetProcAddress,GetLastError,std::exception::exception,__CxxThrowException@8,GetProcAddress,GetLastError,std::exception::exception,__CxxThrowException@8,GetProcAddress,GetLastError,std::exception::exception,__CxxThrowException@8,GetProcAddress,GetLastError,std::exception::exception,__CxxThrowException@8,LoadLibraryW,GetLastError,std::exception::exception,__CxxThrowException@8,GetProcAddress,GetLastError,std::exception::exception,__CxxThrowException@8,GetProcAddress,GetLastError,std::exception::exception,__CxxThrowException@8,GetProcAddress,GetLastError,std::exception::exception,__CxxThrowException@8, 2_2_0095ECA0
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Windows\System32\msiexec.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX

Malware Analysis System Evasion

Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Evasive API call chain: CreateMutex,DecisionNodes,Sleep
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Window / User API: threadDelayed 9653
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe API coverage: 7.8 %
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe TID: 7664 Thread sleep count: 241 > 30
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe TID: 7664 Thread sleep time: -241000s >= -30000s
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe TID: 7664 Thread sleep count: 9653 > 30
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe TID: 7664 Thread sleep time: -9653000s >= -30000s
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe TID: 7816 Thread sleep count: 98 > 30
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe TID: 8008 Thread sleep count: 78 > 30
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: LDeviceDetectionHelper.exe, 00000003.00000003.2757694461.0000000001489000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4148705517.000000000148A000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4059410990.0000000001489000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.4158200503.0000000001489000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3481669146.0000000001489000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3562358540.000000000148A000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3826281111.000000000148A000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3147646947.000000000148A000.00000004.00000020.00020000.00000000.sdmp, LDeviceDetectionHelper.exe, 00000003.00000003.3447878140.000000000148A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: LDeviceDetectionHelper.exe, 00000003.00000002.4169171667.0000000001438000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWpoH
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe API call chain: ExitProcess graph end node
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe API call chain: ExitProcess graph end node
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_04DD6BF1 CheckRemoteDebuggerPresent, 2_2_04DD6BF1
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Debugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleep
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Process queried: DebugPort
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0096CC67 IsDebuggerPresent, 2_2_0096CC67
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0098B164 EncodePointer,EncodePointer,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 2_2_0098B164
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0098E6AF LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 2_2_0098E6AF
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02D1A122 mov eax, dword ptr fs:[00000030h] 2_2_02D1A122
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02D1BE75 mov eax, dword ptr fs:[00000030h] 2_2_02D1BE75
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_04E5AD22 mov eax, dword ptr fs:[00000030h] 2_2_04E5AD22
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_053BA122 mov eax, dword ptr fs:[00000030h] 3_2_053BA122
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_053BBE75 mov eax, dword ptr fs:[00000030h] 3_2_053BBE75
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0099C262 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock, 2_2_0099C262
Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00972045 SetUnhandledExceptionFilter, 2_2_00972045
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00972068 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00972068
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D22045 SetUnhandledExceptionFilter, 3_2_00D22045
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D22068 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00D22068
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Process created: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe 979 576
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_02D178C9 cpuid 2_2_02D178C9
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, 2_2_0098C00C
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,GetLocaleInfoW, 2_2_00994583
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: EnumSystemLocalesW, 2_2_009947F3
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: _GetPrimaryLen,EnumSystemLocalesW, 2_2_009948B0
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: _GetPrimaryLen,EnumSystemLocalesW, 2_2_00994833
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson, 2_2_00974876
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 2_2_00994933
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: GetLocaleInfoW, 2_2_00994B26
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: GetLocaleInfoW,_GetPrimaryLen, 2_2_00994CFB
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP, 2_2_00994C4E
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: _memset,_TranslateName,_TranslateName,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, 2_2_00994D63
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, 2_2_0098B4C2
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, 2_2_0098B5FF
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: EnumSystemLocalesW, 2_2_00973A1D
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, 2_2_0098BA08
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: GetLocaleInfoW, 2_2_00973A5A
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeW,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement, 2_2_0096FCB8
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, 3_2_00D3C00C
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,GetLocaleInfoW, 3_2_00D44583
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: EnumSystemLocalesW, 3_2_00D447F3
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: _GetPrimaryLen,EnumSystemLocalesW, 3_2_00D448B0
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson, 3_2_00D24876
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: _GetPrimaryLen,EnumSystemLocalesW, 3_2_00D44833
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 3_2_00D44933
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: GetLocaleInfoW, 3_2_00D44B26
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: GetLocaleInfoW,_GetPrimaryLen, 3_2_00D44CFB
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP, 3_2_00D44C4E
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: _memset,_TranslateName,_TranslateName,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, 3_2_00D44D63
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, 3_2_00D3B4C2
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, 3_2_00D3B5FF
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: GetLocaleInfoW, 3_2_00D23A5A
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: EnumSystemLocalesW, 3_2_00D23A1D
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, 3_2_00D3BA08
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeW,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement, 3_2_00D1FCB8
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_0097556F GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 2_2_0097556F
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_009816BE GetVersionExW,Concurrency::details::WinRT::Initialize,__CxxThrowException@8, 2_2_009816BE
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\System32\msiexec.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob

Stealing of Sensitive Information

Source: Yara match File source: 00000002.00000002.1784376779.0000000002E2A000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: LDeviceDetectionHelper.exe PID: 7524, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: 00000002.00000002.1784376779.0000000002E2A000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: LDeviceDetectionHelper.exe PID: 7524, type: MEMORYSTR
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00991375 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext, 2_2_00991375
Source: C:\Users\user\AppData\Local\gVCgHiMSMMBE\LDeviceDetectionHelper.exe Code function: 2_2_00991EDD Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext, 2_2_00991EDD
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D41375 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext, 3_2_00D41375
Source: C:\ProgramData\SecurityScan\LDeviceDetectionHelper.exe Code function: 3_2_00D41EDD Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext, 3_2_00D41EDD