Windows Analysis Report
DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe

Overview

General Information

Sample name: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe
Analysis ID: 1538410
MD5: dacc5eb0638261f3c44a3f0bd1cc5ea1
SHA1: bb57e14f1df59b3ad73f388c7a37bd008b57f22f
SHA256: 680614bf60ff1f1f408e8457ff288ca8a22e1939ba5415fe0c9df082b04dd594

Detection

Score: 29
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Compliance

Score: 49
Range: 0 - 100

Signatures

Tries to delay execution (extensive OutputDebugStringW loop)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Creates processes with suspicious names
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Suspicious Execution From GUID Like Folder Names
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Compliance

Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\End User Licence Agreement_EN.rtf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\RunAfterMsiexec.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\3rd_party_licences.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\dl.ico
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\DisplayLinkTrayApp.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlcdcncm.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlcdcncm.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlcdcncm660.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlidusb.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlidusb.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlidusb.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlidusb2.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlidusb3.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlidusb4.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlusbaudio.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlusbaudio.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlusbaudio.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlusbaudio_x64.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\ella-dock-release.spkg
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\firefly-monitor-release.spkg
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\navarro-dock-release.spkg
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\ridge-dock-release.spkg
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\INF\setupapi.app.log
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File created: C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\61CC0AD\End User Licence Agreement_EN.rtf
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\DisplayLink Core Software\End User Licence Agreement_EN.rtf
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: certificate valid
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: z:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: x:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: v:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: t:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: r:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: p:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: n:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: l:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: j:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: h:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: f:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: b:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: y:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: w:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: u:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: s:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: q:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: o:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: m:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: k:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: i:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: g:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: e:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: c:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: a:
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\dialogBackgroundGray.bmp
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: C:\Users\user\AppData\Local
Source: unknown DNS traffic detected: query: 206.23.85.13.in-addr.arpa replaycode: Name error (3)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe File created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLCDCNCM_W10\ARM64\dlcdcncm660.sys
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{cece1d3f-e74a-f249-88a0-1b90332bb107}
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe File created: C:\Windows\INF\oem0.PNF
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe File created: C:\Windows\INF\oem1.PNF
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe File created: C:\Windows\INF\oem3.PNF
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\44e40c.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE62F.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE67E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE8D0.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE92F.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE99E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE9CD.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEA2C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEA8B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEAF9.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEB39.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEB69.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEB89.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEBA9.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEF06.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEF26.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEF75.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFA15.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFA64.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFAB3.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFB50.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFBBF.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFC4C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFC9B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFD87.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFDB7.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFEC1.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI26C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI328.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI377.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\controlPanelIcon.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5BA.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI60A.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI639.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIBF7.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB538.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\FileRepository\dlusbaudio.inf_amd64_a428131a0367c25a
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\inf\oem4.inf
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIE62F.tmp
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: Resource name: EXE type: PE32 executable (console) Intel 80386, for MS Windows
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: Resource name: EXE type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: Resource name: EXE type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: Resource name: EXE type: Microsoft Cabinet archive data, many, 2407 bytes, 3 files, at 0x44 +A "AddProduct.reg" +A "ImportSettings.reg", flags 0x4, ID 4937, number 1, extra bytes 20 in head, 1 datablock, 0x1 compression
Source: classification engine Classification label: sus29.evad.winEXE@26/93@1/0
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\DisplayLink Core Software
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6708:120:WilError_03
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\DisplayLinkSetupPrevInstanceDetector
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe File created: C:\Users\user\AppData\Local\Temp\DLSD610.log
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe "C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe"
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Process created: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe "C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe" -y -o"C:\Users\user\AppData\Local\Temp\DL2.tmp\"
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Process created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe DL6C3C.exe /exelang 2057 DL_INSTALL_AUDIO=Yes DL_NO_EULA=Yes DL_PROMOTE_STORE_APP=Yes DL_PRODUCT_NAME="DisplayLink Graphics" DL_BRANDING_UPGRADE_CODE="{78A36ACD-80D5-490f-B4C4-83D7FCC08391}" DL_BRANDING_PRODUCT_CODE="{82526EEF-64FA-465A-9900-592AA20D44BD}" DL_BRANDING_CAB="C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6D95.tmp" DL_BRANDING_NEW_DEVICE_ACTIVITY=mirror0 DL_ID_USBDRIVER_PATH="C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64" DL_HOTDESK_SERVICE="No" DL_INSTALL_ANALYTICS=Yes DL_VMM_FIRMWARE_INCLUDED="No" DL_TEMP_DIR="C:\Users\user\AppData\Local\Temp\DL2.tmp\" /lv "C:\Users\user\AppData\Local\Temp\DLC6CDE.LOG"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 94024F9F8BD1D3638DCAEE8B74C7EA90 C
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 974BD1C330F60C48087D2F1BF259B4BF C
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Process created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe "C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe" /i C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\61CC0AD\DisplayLinkIDD.msi /lv C:\Users\user\AppData\Local\Temp\DLC6CDE.LOG AI_EUIMSI=1 APPDIR="C:\Program Files\DisplayLink Core Software" M_DIR="C:\ProgramData\Microsoft" SECONDSEQUENCE="1" CLIENTPROCESSID="6296" AI_MORE_CMD_LINE=1
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 7D931FF378BB0B801383919D978EEAE0
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 74644EEC4A25804F6BC0B9ED2A06AE76
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\taskkill.exe taskkill.exe /f /im DisplayLinkTrayApp.exe /im DisplayLinkUI.exe /t
Source: C:\Windows\System32\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 23A62B8C91BCD058BBC9425B5A3E0538 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3AE1FDA64AA5ECDB06105BC78B949EB3 E Global\MSI0000
Source: unknown Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{073afcc1-74b6-014d-a1ff-5f367b711623}\dlusbaudio.inf" "9" "7d2fb252b" "00000000000000D4" "WinSta0\Default" "0000000000000178" "208" "C:\Program Files\DisplayLink Core Software\Drivers"
Source: unknown Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{45f50a8f-b0eb-b54b-a38a-d204d968e6fa}\dlcdcncm.inf" "9" "72d21657f" "0000000000000178" "WinSta0\Default" "000000000000017C" "208" "C:\Program Files\DisplayLink Core Software\Drivers"
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: devobj.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: spinf.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: devrtl.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: drvstore.dll
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: msi.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: davhlpr.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: lpk.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: msihnd.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: tsappcmp.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: msisip.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: pcacli.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: msiso.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: mshtml.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: srpapi.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: jscript9.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: msimtf.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: d2d1.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: dxcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: jscript.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: newdev.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: devobj.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: devrtl.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: msi.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: davhlpr.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: lpk.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: msihnd.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: tsappcmp.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: msisip.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: pcacli.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wininet.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: spinf.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: drvstore.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\End User Licence Agreement_EN.rtf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\RunAfterMsiexec.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\3rd_party_licences.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\dl.ico
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\DisplayLinkTrayApp.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlcdcncm.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlcdcncm.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlcdcncm660.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlidusb.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlidusb.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlidusb.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlidusb2.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlidusb3.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlidusb4.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlusbaudio.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlusbaudio.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlusbaudio.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\dlusbaudio_x64.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\ella-dock-release.spkg
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\firefly-monitor-release.spkg
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\navarro-dock-release.spkg
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\DisplayLink Core Software\Drivers\ridge-dock-release.spkg
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: certificate valid
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static file information: File size 66460600 > 1048576
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x151600
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x3da9a00
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe File created: \displaylink usb graphics software for windows11.5 m1-exe.exe
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\cl_5963.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEF75.tmp
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe File created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe File created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\ARM64\dlidusb4.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\FileOperations.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe File created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\ARM64\dlidusb.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File created: C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\61CC0AD\DisplayLinkDriverSwapService.exe
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File created: C:\Users\user\AppData\Local\Temp\shi8D41.tmp
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe File created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\dlidusb2.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe File created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\dlidusb.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\lzmaextractor.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe File created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\dlidusb4.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File created: C:\Users\user\AppData\Local\Temp\MSI9096.tmp
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe File created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLUSBAUDIO\dlusbaudio_x64.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File created: C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\decoder.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe File created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLCDCNCM_W10\x64\dlcdcncm660.sys
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe File created: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFC9B.tmp
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe File created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\ARM64\dlidusb2.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe File created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\dlidusb3.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\tempFiles.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File created: C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\61CC0AD\DisplayLinkHotDeskService.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\DisplayLink Core Software\RunAfterMsiexec.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\DisplayLink Core Software\DisplayLinkTrayApp.exe
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe File created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\ARM64\dlidusb3.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\INF\setupapi.app.log
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File created: C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\61CC0AD\End User Licence Agreement_EN.rtf
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\DisplayLink Core Software\End User Licence Agreement_EN.rtf
Source: C:\Windows\System32\msiexec.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DisplayLinkTrayApp
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Section loaded: OutputDebugStringW count: 322
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: OutputDebugStringW count: 871
Source: C:\Windows\System32\msiexec.exe Section loaded: OutputDebugStringW count: 488
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Memory allocated: 7390000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Memory allocated: 8270000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Memory allocated: 8340000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Memory allocated: 8990000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Memory allocated: 79D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Memory allocated: 88D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Memory allocated: 79F0000 memory commit | memory reserve | memory write watch
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\cl_5963.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIEF75.tmp
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\ARM64\dlidusb4.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\FileOperations.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\ARM64\dlidusb.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\61CC0AD\DisplayLinkDriverSwapService.exe
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi8D41.tmp
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\dlidusb2.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\dlidusb.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\lzmaextractor.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\dlidusb4.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLUSBAUDIO\dlusbaudio_x64.sys
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI9096.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\decoder.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLCDCNCM_W10\x64\dlcdcncm660.sys
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFC9B.tmp
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\ARM64\dlidusb2.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\dlidusb3.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\tempFiles.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\61CC0AD\DisplayLinkHotDeskService.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\DisplayLink Core Software\RunAfterMsiexec.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\DisplayLink Core Software\DisplayLinkTrayApp.exe
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\ARM64\dlidusb3.dll
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File Volume queried: C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD} FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File Volume queried: C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\61CC0AD FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\dialogBackgroundGray.bmp
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe File opened: C:\Users\user\AppData\Local
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Process created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe "C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe" /i C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\61CC0AD\DisplayLinkIDD.msi /lv C:\Users\user\AppData\Local\Temp\DLC6CDE.LOG AI_EUIMSI=1 APPDIR="C:\Program Files\DisplayLink Core Software" M_DIR="C:\ProgramData\Microsoft" SECONDSEQUENCE="1" CLIENTPROCESSID="6296" AI_MORE_CMD_LINE=1
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\taskkill.exe taskkill.exe /f /im DisplayLinkTrayApp.exe /im DisplayLinkUI.exe /t
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Process created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe dl6c3c.exe /exelang 2057 dl_install_audio=yes dl_no_eula=yes dl_promote_store_app=yes dl_product_name="displaylink graphics" dl_branding_upgrade_code="{78a36acd-80d5-490f-b4c4-83d7fcc08391}" dl_branding_product_code="{82526eef-64fa-465a-9900-592aa20d44bd}" dl_branding_cab="c:\users\user\appdata\local\temp\dl2.tmp\dl6d95.tmp" dl_branding_new_device_activity=mirror0 dl_id_usbdriver_path="c:\users\user\appdata\local\temp\dl2.tmp\dlidusb\x64" dl_hotdesk_service="no" dl_install_analytics=yes dl_vmm_firmware_included="no" dl_temp_dir="c:\users\user\appdata\local\temp\dl2.tmp\" /lv "c:\users\user\appdata\local\temp\dlc6cde.log"
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Process created: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe "c:\users\user\appdata\local\temp\dl2.tmp\dl6c3c.exe" /i c:\users\user\appdata\local\temp\{34cd39a3-d094-47b4-86f9-5bc6461cc0ad}\61cc0ad\displaylinkidd.msi /lv c:\users\user\appdata\local\temp\dlc6cde.log ai_euimsi=1 appdir="c:\program files\displaylink core software" m_dir="c:\programdata\microsoft" secondsequence="1" clientprocessid="6296" ai_more_cmd_line=1
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\dialogBackgroundGray.bmp VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\dialogBackground.bmp VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\dlImageButton.bmp VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\publicSoftwareBanner.bmp VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\radioPending.bmp VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\radioDoing.bmp VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\radioWaiting.gif VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\radioDone.bmp VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\drvinst.exe Queries volume information: C:\Windows\System32\DriverStore\Temp\{cece1d3f-e74a-f249-88a0-1b90332bb107}\dlusbaudio.cat VolumeInformation
Source: C:\Users\user\Desktop\DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
No contacted IP infos