
Windows Analysis Report
MSI_Driver_Utility_Installer.exe

Overview

General Information

Sample name: MSI_Driver_Utility_Installer.exe
Analysis ID: 1540488
MD5: f9c25c5ee0fca9e2bda9f3100a373769
SHA1: a92be1c66580cfea982cebef9653e841a50577db
SHA256: a769543008ab4605c39dbfa1e137456b0b40847c951d95f9b36e6b8fdf016375

Detection

Score: 4
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Creates COM task schedule object (often to register a task for autostart)
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info

Classification

  • System is w10x64
  • MSI_Driver_Utility_Installer.exe (PID: 3064 cmdline: "C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe" MD5: F9C25C5EE0FCA9E2BDA9F3100A373769)
    • WerFault.exe (PID: 3508 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 1300 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: MSI_Driver_Utility_Installer.exe | Static PE information: certificate valid
Source: MSI_Driver_Utility_Installer.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: \??\C:\Windows\WindowsBase.pdbX source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\MSI\msiDeviceHelper\MSIDeviceHelperApp\obj\Release\MSI_Driver_Utility_Installer.pdb source: MSI_Driver_Utility_Installer.exe
Source: Binary string: PresentationFramework.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, WER1901.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\PresentationFramework.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F92000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WindowsBase.ni.pdbRSDS source: WER1901.tmp.dmp.4.dr
Source: Binary string: mscorlib.pdbp source: WER1901.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\mscorlib.pdbU source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000FAF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdbL source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\WindowsBase.pdb` source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\WindowsBase.pdbpdbase.pdbn6 source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Xml.ni.pdbRSDS# source: WER1901.tmp.dmp.4.dr
Source: Binary string: System.Core.ni.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: C:\Windows\PresentationFramework.pdbpdbork.pdbdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\PresentationFramework.pdbJp source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: PresentationFramework.ni.pdbRSDS source: WER1901.tmp.dmp.4.dr
Source: Binary string: WindowsBase.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, WER1901.tmp.dmp.4.dr
Source: Binary string: System.Xaml.ni.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: MSI_Driver_Utility_Installer.pdb@, source: WER1901.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.pdbT source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.ni.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: PresentationFramework.Aero2.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: nC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbas source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173389154.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\mscorlib.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000FAF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\WindowsBase.pdbG source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdbFF#T source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2175106324.00000000059C8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\MSI_Driver_Utility_Installer.pdbpdbler.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Configuration.pdb87 source: WER1901.tmp.dmp.4.dr
Source: Binary string: mscorlib.pdbM source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F92000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER1901.tmp.dmp.4.dr
Source: Binary string: PresentationCore.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: mscorlib.pdbdbework.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173389154.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173389154.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Xml.ni.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: WindowsBase.ni.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\symbols\dll\PresentationFramework.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.ni.pdbRSDS source: WER1901.tmp.dmp.4.dr
Source: Binary string: n.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173389154.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: n0C:\Windows\mscorlib.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173389154.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Configuration.ni.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\dll\WindowsBase.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.ni.pdbRSDS source: WER1901.tmp.dmp.4.dr
Source: Binary string: System.Configuration.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: System.Xml.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: CustomMarshalers.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: MSI_Driver_Utility_Installer.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: System.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\PresentationFramework.pdbsnO source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F92000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: %%.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173389154.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: PresentationCore.ni.pdbRSDS source: WER1901.tmp.dmp.4.dr
Source: Binary string: mscorlib.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173389154.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp, WER1901.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Xaml.ni.pdbRSDSDg{V source: WER1901.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb:6 source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: PresentationFramework.Aero2.ni.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: PresentationCore.ni.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: System.Xaml.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: System.Core.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: symbols\dll\mscorlib.pdbLb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173389154.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: PresentationFramework.Aero2.pdb?3 source: WER1901.tmp.dmp.4.dr
Source: Binary string: ework.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173389154.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: PresentationFramework.Aero2.ni.pdbRSDS source: WER1901.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\symbols\dll\WindowsBase.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F92000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\PresentationFramework.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: PresentationFramework.ni.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: System.ni.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: System.Core.ni.pdbRSDS source: WER1901.tmp.dmp.4.dr
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\LocalServer32
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\LocalServer32
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\LocalServer32
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\LocalServer32
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\LocalServer32
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\LocalServer32
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://crl.globalsign.com/root.crl0G
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/MainWindow.xaml
Source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/MainWindow.xamld
Source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://foo/MainWindow.xaml
Source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://foo/MainWindow.xamld
Source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://foo/bar/mainwindow.baml
Source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://foo/bar/mainwindow.bamld
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://ocsp.digicert.com0A
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://ocsp.digicert.com0C
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://ocsp.digicert.com0X
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: Amcache.hve.4.dr | String found in binary or memory: http://upx.sf.net
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: https://download.)https://download-cn.
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: https://liveupdate.-https://liveupdate-cn.
Source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://liveupdate.msi.com/cd/MSI_WU_DRIVER/MB/DQA/
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: https://liveupdate.msi.com/cd/MSI_WU_DRIVER/MB/DQA/Miscellaneous.cfg
Source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://liveupdate.msi.com/cd/MSI_WU_DRIVER/MB/Release/
Source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://liveupdate.msi.com/cd/MSI_WU_DRIVER/MB/Release/Miscellaneous.cfg
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: https://liveupdate.msi.com/cd/MSI_WU_DRIVER/MB/Release/Miscellaneous.cfgghttps://liveupdate.msi.com/
Source: MSI_Driver_Utility_Installer.exe | String found in binary or memory: https://www.globalsign.com/repository/0
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 1300
Source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs MSI_Driver_Utility_Installer.exe
Source: MSI_Driver_Utility_Installer.exe, App.cs | Task registration methods: 'CreateTaskOnLogonAndNetworkConnect', 'CreateTaskAndRun', 'CreateTaskOnLogon'
Source: MSI_Driver_Utility_Installer.exe, ITaskFolder.cs | Task registration methods: 'RegisterTaskDefinition'
Source: classification engine | Classification label: clean4.winEXE@2/6@0/0
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | File created: C:\Users\user\Desktop\Log
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3064
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Mutant created: \Sessions\1\BaseNamedObjects\MSI Driver Utility Installer
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | File created: C:\Users\user\AppData\Local\Temp\MSI_Driver_Utility_Installer
Source: MSI_Driver_Utility_Installer.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: MSI_Driver_Utility_Installer.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | File read: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe
Source: unknown | Process created: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe "C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe"
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: sxs.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: taskschd.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: d3d9.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: MSI_Driver_Utility_Installer.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: MSI_Driver_Utility_Installer.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: %%.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173389154.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: PresentationCore.ni.pdbRSDS source: WER1901.tmp.dmp.4.dr
Source: Binary string: mscorlib.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp, MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173389154.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp, WER1901.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Xaml.ni.pdbRSDSDg{V source: WER1901.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb:6 source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: PresentationFramework.Aero2.ni.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: PresentationCore.ni.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: System.Xaml.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: System.Core.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: symbols\dll\mscorlib.pdbLb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173389154.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: PresentationFramework.Aero2.pdb?3 source: WER1901.tmp.dmp.4.dr
Source: Binary string: ework.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173389154.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: PresentationFramework.Aero2.ni.pdbRSDS source: WER1901.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\symbols\dll\WindowsBase.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F92000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\PresentationFramework.pdb source: MSI_Driver_Utility_Installer.exe, 00000000.00000002.2173980447.0000000000F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: PresentationFramework.ni.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: System.ni.pdb source: WER1901.tmp.dmp.4.dr
Source: Binary string: System.Core.ni.pdbRSDS source: WER1901.tmp.dmp.4.dr
Source: MSI_Driver_Utility_Installer.exeStatic PE information: 0xF1B9BB18 [Sun Jul 6 10:31:52 2098 UTC]
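Added check (editor's code, not part of the Joe Sandbox report and not MSI's code): the "Binary contains a suspicious time stamp" signature keys on the COFF TimeDateStamp above, 0xF1B9BB18, which decodes to 6 July 2098. For a .NET assembly that alone is weak evidence. Roslyn deterministic builds, the default in SDK-style projects, write a hash of the compiler inputs into that field and add an IMAGE_DEBUG_TYPE_REPRO (type 16) entry to the debug directory, so the field routinely decodes to an implausible date. The script parses only the headers it needs, reports whether the image has a CLR header and a REPRO entry, and grades the timestamp accordingly. The report does not say whether this installer carries a REPRO entry, so build_minimal_pe() constructs synthetic PE images to exercise the logic; on the real sample run inspect_pe_timestamp(open(path, "rb").read()).

```python
"""Grade a PE file's COFF TimeDateStamp: real build time or Roslyn deterministic-build hash?"""
import struct
from datetime import datetime, timedelta, timezone

IMAGE_DEBUG_TYPE_CODEVIEW = 2
IMAGE_DEBUG_TYPE_REPRO = 16      # "Reproducible" entry Roslyn emits for /deterministic builds
DIR_DEBUG = 6                    # IMAGE_DIRECTORY_ENTRY_DEBUG
DIR_CLR = 14                     # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: present => .NET assembly
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
ANALYSIS_DATE = datetime(2024, 10, 23, tzinfo=timezone.utc)   # this report's start date


def _rva_to_offset(sections, rva):
    """Translate an RVA to a file offset via the section table."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def inspect_pe_timestamp(data: bytes, now=None) -> dict:
    """Parse only the headers needed to judge the COFF timestamp of a PE image."""
    now = now or datetime.now(timezone.utc)
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsect, tstamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_base = opt + {0x10B: 96, 0x20B: 112}[magic]           # PE32 vs PE32+ data-directory offset
    n_dirs = struct.unpack_from("<I", data, dd_base - 4)[0]   # NumberOfRvaAndSizes

    def datadir(i):
        return struct.unpack_from("<II", data, dd_base + 8 * i) if i < n_dirs else (0, 0)

    sec_hdr = opt + opt_size
    sections = []
    for i in range(nsect):
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, sec_hdr + 40 * i + 8)
        sections.append((vaddr, vsize, raw_ptr, raw_size))

    is_dotnet = datadir(DIR_CLR)[0] != 0
    dbg_rva, dbg_size = datadir(DIR_DEBUG)
    debug_types = []
    if dbg_rva and dbg_size:
        off = _rva_to_offset(sections, dbg_rva)
        for i in range(dbg_size // 28):                       # IMAGE_DEBUG_DIRECTORY is 28 bytes
            debug_types.append(struct.unpack_from("<I", data, off + 28 * i + 12)[0])  # .Type
    deterministic = IMAGE_DEBUG_TYPE_REPRO in debug_types

    when = EPOCH + timedelta(seconds=tstamp)   # avoids platform limits of fromtimestamp()
    is_future = when > now
    if deterministic:
        verdict = "hash"          # field holds a content hash; the date is meaningless
    elif is_future and is_dotnet:
        verdict = "likely-hash"   # .NET and future-dated, but no REPRO entry to prove it
    elif is_future:
        verdict = "suspicious"    # a native image does not get this from its toolchain
    else:
        verdict = "plausible"
    return {"timestamp": tstamp, "utc": when.isoformat(), "is_future": is_future,
            "is_dotnet": is_dotnet, "deterministic": deterministic,
            "debug_types": debug_types, "verdict": verdict}


def build_minimal_pe(tstamp: int, dotnet: bool, debug_types=()) -> bytes:
    """Constructed one-section PE32 image (test scaffolding, not a real binary) with the
    given COFF timestamp, an optional CLR data directory and debug-directory entries."""
    sec_rva, sec_raw, sec_size = 0x1000, 0x200, 0x200
    dirs = [(0, 0)] * 16
    if dotnet:
        dirs[DIR_CLR] = (sec_rva + 0x100, 72)                 # where a CLR header would live
    if debug_types:
        dirs[DIR_DEBUG] = (sec_rva, 28 * len(debug_types))
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, tstamp, 0, 0, 96 + 16 * 8, 0x102)
    opt = struct.pack("<H", 0x10B) + bytes(90) + struct.pack("<I", 16)   # NumberOfRvaAndSizes
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    sect = (b".text\0\0\0" + struct.pack("<IIII", sec_size, sec_rva, sec_size, sec_raw)
            + bytes(12) + struct.pack("<I", 0x60000020))
    hdr = dos + coff + opt + sect
    body = b"".join(struct.pack("<IIHHIIII", 0, 0, 0, 0, t, 0, 0, 0) for t in debug_types)
    return hdr + bytes(sec_raw - len(hdr)) + body + bytes(sec_size - len(body))


if __name__ == "__main__":
    import sys
    data = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else
            build_minimal_pe(0xF1B9BB18, True, (IMAGE_DEBUG_TYPE_CODEVIEW, IMAGE_DEBUG_TYPE_REPRO)))
    print(inspect_pe_timestamp(data))
```

A "hash" or "likely-hash" verdict does not clear the file; it only says the date is not evidence by itself. The signature that still carries weight here is the Authenticode check (the report shows "certificate valid"), so pair this with signature verification before scoring.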
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exeProcess information set: NOOPENFILEERRORBOX (56 identical events)
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX (5 identical events)
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX (51 identical events)
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exeMemory allocated: ED0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exeMemory allocated: 2AC0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exeMemory allocated: 10E0000 memory reserve | memory write watch
Source: Amcache.hve.4.drBinary or memory string: VMware
Source: Amcache.hve.4.drBinary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin
Source: Amcache.hve.4.drBinary or memory string: VMware, Inc.
Source: Amcache.hve.4.drBinary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.drBinary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: Amcache.hve.4.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.drBinary or memory string: vmci.sys
Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin`
Source: Amcache.hve.4.drBinary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.4.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.drBinary or memory string: VMware20,1
Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.drBinary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.drBinary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.drBinary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.drBinary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.drBinary or memory string: VMware Virtual RAM
Source: Amcache.hve.4.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.4.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exeProcess queried: DebugPort (2 identical events)
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exeMemory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exeQueries volume information: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe VolumeInformation
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation (3 identical events)
Source: C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.4.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.drBinary or memory string: msmpeng.exe
Source: Amcache.hve.4.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.4.drBinary or memory string: MsMpEng.exe
ATT&CK matrix (14 tactic columns; a leading number is the counter badge the report shows on a matched technique):
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Scheduled Task/Job | 11 Scheduled Task/Job | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 21 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 11 Scheduled Task/Job | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Process Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
Behavior Graph ID: 1540488 | Sample: MSI_Driver_Utility_Installer.exe | Startdate: 23/10/2024 | Architecture: WINDOWS | Score: 4
Process graph: MSI_Driver_Utility_Installer.exe (started) -> WerFault.exe (started)
Source | Detection | Scanner | Label | Link
MSI_Driver_Utility_Installer.exe | 0% | ReversingLabs | |
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://upx.sf.net | 0% | URL Reputation | safe |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://foo/MainWindow.xamld | MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://foo/bar/mainwindow.baml | MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://foo/bar/mainwindow.bamld | MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://defaultcontainer/MainWindow.xamld | MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://foo/MainWindow.xaml | MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://liveupdate.msi.com/cd/MSI_WU_DRIVER/MB/DQA/ | MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://download.)https://download-cn. | MSI_Driver_Utility_Installer.exe | false | | unknown
https://liveupdate.msi.com/cd/MSI_WU_DRIVER/MB/DQA/Miscellaneous.cfg | MSI_Driver_Utility_Installer.exe | false | | unknown
http://upx.sf.net | Amcache.hve.4.dr | false | URL Reputation: safe | unknown
https://liveupdate.msi.com/cd/MSI_WU_DRIVER/MB/Release/Miscellaneous.cfg | MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://liveupdate.msi.com/cd/MSI_WU_DRIVER/MB/Release/Miscellaneous.cfgghttps://liveupdate.msi.com/ | MSI_Driver_Utility_Installer.exe | false | | unknown
http://defaultcontainer/MainWindow.xaml | MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://liveupdate.msi.com/cd/MSI_WU_DRIVER/MB/Release/ | MSI_Driver_Utility_Installer.exe, 00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://liveupdate.-https://liveupdate-cn. | MSI_Driver_Utility_Installer.exe | false | | unknown
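Added triage helper (editor's code, not part of the Joe Sandbox report and not MSI's code), covering both the "Binary or memory string" rows above (the VMware/Hyper-V strings and the msmpeng.exe strings behind "AV process strings found") and this URL table. The VMware, Hyper-V and msmpeng.exe strings are all sourced from Amcache.hve.4.dr, which carries the same process index as the WER1901.tmp.dmp.4.dr crash dump WerFault wrote: it is the analysis VM's own Amcache application-compatibility hive collected by Windows Error Reporting, so those strings describe the sandbox host, not anything the sample did. In the URL table, http://foo/ and http://defaultcontainer/ are, to the editor's understanding, placeholder base URIs of WPF's pack-URI resolver rather than network endpoints (an assumption, marked as such in the code), and strings such as https://download.)https://download-cn. are format-string fragments. The function takes (source, string) rows as they appear in the report, attributes each hit to the host or to the sample, and separates resolvable hostnames from placeholders and fragments, so that only sample-origin hits count as evasion evidence. ROWS is a constructed subset of this report's rows.

```python
"""Attribute sandbox string hits to their origin before treating them as evasion evidence."""
import re

# Files the sandbox harvested from the analysis VM itself. Amcache.hve is the VM's own
# application-compatibility hive, attached by WerFault to its crash report; its contents
# describe the sandbox machine, not what the sample did.
HOST_ARTIFACT = re.compile(r"^Amcache\.hve\.\d+\.dr$", re.I)

# Editor's assumption: placeholder hosts WPF / System.IO.Packaging use when resolving
# pack URIs; they appear in most WPF binaries and are never contacted on the network.
PLACEHOLDER_HOSTS = {"foo", "defaultcontainer"}

VM_PATTERN = re.compile(r"vmware|vmci|vbox|virtualbox|hyper-v|qemu|xen", re.I)
AV_PATTERN = re.compile(r"msmpeng|windefend|avp\.exe|avast|kaspersky|sophos", re.I)
HOST_FROM_URL = re.compile(r"https?://([^/:\s)]*)", re.I)
# A hostname that could actually resolve: dot-separated labels, no leading/trailing
# hyphen, at least one dot. Anything else is a format-string fragment or a placeholder.
REAL_HOST = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+$")

# Constructed subset of this report's rows: (Source column, string) pairs.
SDMP = ("MSI_Driver_Utility_Installer.exe, "
        "00000000.00000002.2174474839.0000000002B35000.00000004.00000800.00020000.00000000.sdmp")
ROWS = [
    ("Amcache.hve.4.dr", "VMware Virtual USB Mouse"),
    ("Amcache.hve.4.dr", "c:/windows/system32/drivers/vmci.sys"),
    ("Amcache.hve.4.dr", "Microsoft Hyper-V Virtualization Infrastructure Driver"),
    ("Amcache.hve.4.dr", "c:\\program files\\windows defender\\msmpeng.exe"),
    ("Amcache.hve.4.dr", "http://upx.sf.net"),
    (SDMP, "http://foo/MainWindow.xaml"),
    (SDMP, "http://defaultcontainer/MainWindow.xaml"),
    (SDMP, "https://liveupdate.msi.com/cd/MSI_WU_DRIVER/MB/Release/Miscellaneous.cfgg"
           "https://liveupdate.msi.com/"),
    ("MSI_Driver_Utility_Installer.exe", "https://download.)https://download-cn."),
    ("MSI_Driver_Utility_Installer.exe", "https://liveupdate.-https://liveupdate-cn."),
]


def origin(source: str) -> str:
    """'host' only if every token of the report's Source column is a harvested host file."""
    tokens = [t.strip() for t in source.split(",")]
    return "host" if all(HOST_ARTIFACT.match(t) for t in tokens) else "sample"


def hosts_in(s: str):
    """Yield the host part of every http(s):// occurrence, including run-together URLs."""
    for piece in re.split(r"(?=https?://)", s, flags=re.I):
        m = HOST_FROM_URL.match(piece)
        if m and m.group(1):
            yield m.group(1).lower()


def triage(rows):
    """rows: iterable of (source, string) as in the 'Binary or memory string' table."""
    out = {
        "vm_artifact": {"sample": [], "host": []},
        "av_process": {"sample": [], "host": []},
        "url": {"sample": set(), "host": set()},
        "url_placeholder": set(),
        "url_fragment": set(),
    }
    for source, s in rows:
        where = origin(source)
        if VM_PATTERN.search(s):
            out["vm_artifact"][where].append(s)
        if AV_PATTERN.search(s):
            out["av_process"][where].append(s)
        for host in hosts_in(s):
            if host in PLACEHOLDER_HOSTS:
                out["url_placeholder"].add(host)
            elif REAL_HOST.match(host):
                out["url"][where].add(host)
            else:
                out["url_fragment"].add(host)
    return out


def evasion_evidence(result) -> list:
    """Categories with at least one hit that came from the sample's own file or memory."""
    return [cat for cat in ("vm_artifact", "av_process") if result[cat]["sample"]]


if __name__ == "__main__":
    result = triage(ROWS)
    print("sample-origin evasion evidence:", evasion_evidence(result) or "none")
    print("hosts from sample:", sorted(result["url"]["sample"]))
    print("placeholders:", sorted(result["url_placeholder"]),
          "fragments:", sorted(result["url_fragment"]))
```

On these rows the only sample-origin hostname is liveupdate.msi.com, and every VM and AV string comes from the host hive, which is why the signatures "AV process strings found" and the virtualization-discovery cells in the matrix should not raise this sample's score on their own.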
                            No contacted IP infos
                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1540488
                            Start date and time:2024-10-23 20:31:00 +02:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 4m 0s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:10
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:MSI_Driver_Utility_Installer.exe
                            Detection:CLEAN
                            Classification:clean4.winEXE@2/6@0/0
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                            • Excluded IPs from analysis (whitelisted): 52.168.117.173
                            • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, client.wns.windows.com, ocsp.digicert.com, login.live.com, otelrules.azureedge.net, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                            • Report size getting too big, too many NtSetInformationFile calls found.
                            • VT rate limit hit for: MSI_Driver_Utility_Installer.exe
Time | Type | Description
14:31:56 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                            No context
                            Process:C:\Windows\SysWOW64\WerFault.exe
                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):65536
                            Entropy (8bit):1.2244962451579287
                            Encrypted:false
                            SSDEEP:192:Odxh33oAh+0BU/Ka2iHlaup+04zuiFxZ24IO8u:qh3YcBU/Ka/Tg04zuiFxY4IO8u
                            MD5:5F24B27DCF8EE4D45FAB921D000EBCE3
                            SHA1:071E0F16D890E2AF1C1192F040DDC51934BC0457
                            SHA-256:845BADBED4969AE08CDCFEB7178698BDD50F067185D68B6F292168A2CFFF124E
                            SHA-512:B6C7381C23963FD6A52A0D4B9D52DFAA384ED0A76DB1997A24064B1FD7D9F618A92F29E2CC535806C214DDFDDF40E8707C3CCAF18A0C4DF2E7ABE3B490914A6D
                            Malicious:false
                            Reputation:low
Preview (UTF-16LE decoded):Version=1 | EventType=CLR20r3 | EventTime=133741819127166002 | ReportType=2 | Consent=1 | UploadTime=133741819137322322 | ReportStatus=524384 | ReportIdentifier=e33bdeae-1ffa-4006-8fa4-e453f397e003 | IntegratorReportIdentifier=4e99e189-297f-4f0b-98ed-77c4cd74a484 | Wow64Host=34404 | Wow64Guest=332 | NsAppName=MSI_Driver_Utility_Installer.exe | OriginalFilename=MSI_Driver_Utility_Installer.exe | AppSessionGuid=00000bf8-0001-0015-db79-d9d37925db01 | TargetAppId=W:000672a908835e71ba4ef3bf93a4965ff96000000000!00 (preview truncated)
                            Process:C:\Windows\SysWOW64\WerFault.exe
                            File Type:Mini DuMP crash report, 15 streams, Wed Oct 23 18:31:53 2024, 0x1205a4 type
                            Category:dropped
                            Size (bytes):347499
                            Entropy (8bit):4.62827699007198
                            Encrypted:false
                            SSDEEP:6144:BRg/3AUtaJ2ccngCDAF4ojTgvvtRB7+yWyoZz8v:BWAijVkjTivdy
                            MD5:0DD6D5D62C2A2810B1FE82A2302F85B5
                            SHA1:2D7173C10079478C636803EB0E29EBB01ED66E5C
                            SHA-256:AA982631BC0A86FEF78C25EC105C518324F47054FDC0FB5D0E6B97627A41C67C
                            SHA-512:6A140FDB23FE89D9D28EEBA6C94C452A3EC5CCD6C263D111218182CCABE6C2D3DF71F33322B52FFF56346ABA9345C389D45BB147F7A7F181B5CFC585B45D18D7
                            Malicious:false
                            Reputation:low
                            Preview:MDMP..a..... ........A.g........................p...........$...h$.......C...N..........`.......8...........T............2...............$..........x&..............................................................................eJ.......'......GenuineIntel............T............A.g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                            Process:C:\Windows\SysWOW64\WerFault.exe
                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):8516
                            Entropy (8bit):3.6958947722456768
                            Encrypted:false
                            SSDEEP:192:R6l7wVeJwi6R6Y2DBSU65gmfZ/FprO89bLOsf6x5m:R6lXJF6R6Y8SU65gmfBPLNf7
                            MD5:0B7E7911C89F1BE19703CB1E9D890548
                            SHA1:3F82221EB9FD7794F086FD0B9339BAB5DD197CA8
                            SHA-256:ECD672B48FCDCC98BA513EEEFFD83884834D8466BD8E372C4971601AA2BCCD98
                            SHA-512:E638860D2B5358646FB8D9DBF9C7838C15E6209FC4E8D1AED15BF2001B97D02CE6980F72AF3B2DFFB53F07E8CD9DB9939FFE86FCBFADDB794B49525212919D3C
                            Malicious:false
                            Reputation:low
                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.0.6.4.<./.P.i.
                            Process:C:\Windows\SysWOW64\WerFault.exe
                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):4917
                            Entropy (8bit):4.539973346462834
                            Encrypted:false
                            SSDEEP:48:cvIwWl8zsHJg77aI9/3L4WpW8VYZYm8M4JuppUPGcMRF1+q8v8pUPGcMgbvGSNSQ:uIjfpI79N7VZJmfTBK+fTg9ILmd
                            MD5:4141F5EB676205693D39A7F70AD9B6FA
                            SHA1:819C0FF5BF20F919BEE43B9AE6D1B1E7D33F5D54
                            SHA-256:CB508F7E8895BA07D25910BF4BE16C9786ACB7DC1EC3D7D0984BE101A3AE3387
                            SHA-512:D72CA4BAEEC56CE73EC091074A2E4DE367DFFCDB8EF54036F6C521DF7894956C1242F7A4261087CF3E032D7D73578A5A173521E31E558A362D8F06421499766B
                            Malicious:false
                            Reputation:low
                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="556414" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                            Process:C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):309
                            Entropy (8bit):4.781464892740637
                            Encrypted:false
                            SSDEEP:6:MIVRoJRohXF0RohXFpE2IR2C+FtSZFR2FHnZFR2NaoiZFR2iGrLj:MIVaJaRF0aRFpK8C+r0F8F5F8NjkF8is
                            MD5:92D19D084C713A748B609B54BC952F9B
                            SHA1:8174CF657BA72B58086659BFEAD6873F2ECE4D8C
                            SHA-256:94FD639C2DEC17337B761051E8EB96F1F2A98A534716EF4E6E43AA3A2120FA38
                            SHA-512:D519C112DC7B1386C150806376CEBAC1129AB1A17F8F1898B9B10FFB85E91C356BAFA0109CE02511DA2A84940BEE1D37EE6B87C91CE2BBB75BBB65A2A7D5F5C5
                            Malicious:false
                            Reputation:low
                            Preview:10-23-2024 14:31:51.721 | Action = 0..10-23-2024 14:31:51.736 | ActionName = ..10-23-2024 14:31:51.736 | Launch = 0..10-23-2024 14:31:52.018 | CheckQADriverFight = false..10-23-2024 14:31:52.018 | DQA Mode = false..10-23-2024 14:31:52.018 | Local Mode = false..10-23-2024 14:31:52.018 | Encoding Mode = true..
                            Process:C:\Windows\SysWOW64\WerFault.exe
                            File Type:MS Windows registry file, NT/2000 or above
                            Category:dropped
                            Size (bytes):1835008
                            Entropy (8bit):4.469107365406448
                            Encrypted:false
                            SSDEEP:6144:WzZfpi6ceLPx9skLmb0fCZWSP3aJG8nAgeiJRMMhA2zX4WABluuN+jDH5S:4ZHtCZWOKnMM6bFpUj4
                            MD5:99ED25E4EBE2E9F4C3C780D977965B09
                            SHA1:1FF8B849F0B358AF80284BB2D8230E130454D675
                            SHA-256:FF561CD4C8F9362C84FB61695818769B682080C666757022B4539DF334EA0490
                            SHA-512:781AC0B5F3FE4A81EBB5FEEC29C4E7D1A0633CBDBAA3D87B6D8A2C238D329986BD322BE55ADA9215FEEACC9E5756E7F74495D4B40E4CC921DEF107CD6C8B94E2
                            Malicious:false
                            Reputation:low
                            Preview:regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.T..y%..............................................................................................................................................................................................................................................................................................................................................9...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Entropy (8bit):5.624783966432837
                            TrID:
                            • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                            • Win32 Executable (generic) a (10002005/4) 49.97%
                            • Generic Win/DOS Executable (2004/3) 0.01%
                            • DOS Executable Generic (2002/1) 0.01%
                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                            File name:MSI_Driver_Utility_Installer.exe
                            File size:471'760 bytes
                            MD5:f9c25c5ee0fca9e2bda9f3100a373769
                            SHA1:a92be1c66580cfea982cebef9653e841a50577db
                            SHA256:a769543008ab4605c39dbfa1e137456b0b40847c951d95f9b36e6b8fdf016375
                            SHA512:77cec8d847ca9e0dbf543f773929f47445063528598a109324e66814da7d027fbe0d795a1e09efeffcf412ae0280188aa6ed6e4195bbeca8e82f85d3c0d7a081
                            SSDEEP:3072:DtHIhH0bRSwKx/Iz1mHIY2zBO6NGkexo3FMmwIoMzBF6NG7IxXo8DLMYnmr:DtH2H0bvmQU6reCMmdH68In3MIM
                            TLSH:5FA4F7627010367DCDF74672A02FE86341797E4A4B58AB16286AB5F30FB6340D12F9DE
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0......&........... ........@.. .......................@............`................................
                            Icon Hash:01556d75595934c8
                            Entrypoint:0x43d0ce
                            Entrypoint Section:.text
                            Digitally signed:true
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Time Stamp:0xF1B9BB18 [Sun Jul 6 10:31:52 2098 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                            Signature Valid:true
                            Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                            Signature Validation Error:The operation completed successfully
                            Error Number:0
                            Not Before, Not After
                            • 16/02/2023 09:32:31 11/04/2026 07:04:13
                            Subject Chain
                            • CN="MICRO-STAR INTERNATIONAL CO., LTD.", O="MICRO-STAR INTERNATIONAL CO., LTD.", STREET="No. 69, Lide St., Zhonghe Dist.", L=New Taipei, S=New Taipei, C=TW, OID.1.3.6.1.4.1.311.60.2.1.3=TW, SERIALNUMBER=22178368, OID.2.5.4.15=Private Organization
                            Version:3
                            Thumbprint MD5:08904AA7CDDF0CC4BB6C08960D196F19
                            Thumbprint SHA-1:50C72E6B3FA3E3F1FE63590C22321A061BC7C39C
                            Thumbprint SHA-256:EADC62F82CCCA610B3931C0AB726AAC47CCE0189CBA057EF6C3C7DB8192F79C4
                            Serial:0DD71FDD49A3E43DFC5DE6F5
                            Instruction
                            jmp dword ptr [00402000h]
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            inc ebp
                            lodsd
                            div edi
                            mov eax, dword ptr [007CE6DDh]
                            wait
                            pop es
                            or eax, ebx
                            add dword ptr [ebx], ebp
                            out 00h, eax
                            add byte ptr [eax], al
                            Name | Virtual Address | Virtual Size | Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d07b | 0x4f | .text
                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3e000 | 0x323f4 | .rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x6da00 | 0x58d0 |
                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x72000 | 0xc | .reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3cfd4 | 0x38 | .text
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                            .text | 0x2000 | 0x3b0e8 | 0x3b200 | be76f14a66d937091e23a9f20f36741f | False | 0.26577778144820297 | data | 5.604042674720596 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            .rsrc | 0x3e000 | 0x323f4 | 0x32400 | 3780905823fe1a865d434b87d50f868f | False | 0.23146960509950248 | data | 5.228466617027523 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .reloc | 0x72000 | 0xc | 0x200 | b62eb70587acc0eb206fbda3ffb1626d | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                            RT_ICON | 0x3e320 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4608 | | | 0.40426657263751764
                            RT_ICON | 0x3f958 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | | | 0.505863539445629
                            RT_ICON | 0x40810 | 0xba8 | Device independent bitmap graphic, 40 x 80 x 8, image size 1920 | | | 0.5254691689008043
                            RT_ICON | 0x413c8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | | | 0.6177797833935018
                            RT_ICON | 0x41c80 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 672 | | | 0.6872119815668203
                            RT_ICON | 0x42358 | 0x608 | Device independent bitmap graphic, 20 x 40 x 8, image size 480 | | | 0.6910621761658031
                            RT_ICON | 0x42970 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | | | 0.6979768786127167
                            RT_ICON | 0x42ee8 | 0x2987 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9483585739817515
                            RT_ICON | 0x45880 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.10737312196853188
                            RT_ICON | 0x560b8 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | | | 0.13309333613622032
                            RT_ICON | 0x5f570 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | | | 0.16307763401109057
                            RT_ICON | 0x64a08 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.18091639111950875
                            RT_ICON | 0x68c40 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.21732365145228216
                            RT_ICON | 0x6b1f8 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 | | | 0.2467455621301775
                            RT_ICON | 0x6cc70 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.2804878048780488
                            RT_ICON | 0x6dd28 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | | | 0.37008196721311476
                            RT_ICON | 0x6e6c0 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | | | 0.41569767441860467
                            RT_ICON | 0x6ed88 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.48226950354609927
                            RT_GROUP_ICON | 0x6f200 | 0x102 | data | | | 0.6085271317829457
                            RT_VERSION | 0x6f314 | 0x466 | data | | | 0.36589698046181174
                            RT_MANIFEST | 0x6f78c | 0xc61 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.39034395708425373
                            DLL | Import
                            mscoree.dll | _CorExeMain
                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            Oct 23, 2024 20:32:10.065992117 CEST | 53 | 63691 | 1.1.1.1 | 192.168.2.6

                            Target ID:0
                            Start time:14:31:51
                            Start date:23/10/2024
                            Path:C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\Desktop\MSI_Driver_Utility_Installer.exe"
                            Imagebase:0x6e0000
                            File size:471'760 bytes
                            MD5 hash:F9C25C5EE0FCA9E2BDA9F3100A373769
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true

                            Target ID:4
                            Start time:14:31:52
                            Start date:23/10/2024
                            Path:C:\Windows\SysWOW64\WerFault.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 1300
                            Imagebase:0x2c0000
                            File size:483'680 bytes
                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            No disassembly