Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
XmlNotepadSetup.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: XmlNotepad, Author: Lovett Software, Keywords: Installer, Comments: This installer database contains the
logic and data required to install XmlNotepad., Template: x64;1033, Revision Number: {A7A2242D-CE94-48CA-96B5-7B967212AA3C},
Create Time/Date: Sat Apr 27 01:04:18 2024, Last Saved Time/Date: Sat Apr 27 01:04:18 2024, Number of Pages: 200, Number of
Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
|
initial sample
|
||
|
C:\Config.Msi\69f138.rbs
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\MSI9af9b.LOG
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIE03F.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\69f137.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: XmlNotepad, Author: Lovett Software, Keywords: Installer, Comments: This installer database contains the
logic and data required to install XmlNotepad., Template: x64;1033, Revision Number: {A7A2242D-CE94-48CA-96B5-7B967212AA3C},
Create Time/Date: Sat Apr 27 01:04:18 2024, Last Saved Time/Date: Sat Apr 27 01:04:18 2024, Number of Pages: 200, Number of
Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSIF33A.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{C2B7F827-898A-453D-BA5D-D81A15213CA8}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF046A1C8B47E3A175.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF9BCDD56E671895B6.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFB8522B262C4A53AC.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFEC39D5466F24DFE2.TMP
|
data
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\XmlNotepadSetup.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 387B4140C19CA638ADCF577AA7FD0D6D C
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
https://wixtoolset.org/
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\69f138.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\69f138.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E86A5F7370536A44ABD7CD88AF70E488
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FB3A89CC70DA1D4AB82D614D3A4169C
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14B7594C635B3C247BC959E59AC95D85
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\67F439F58C07EFB4AAA550CDA5BA38C8
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85EF2F3B73156464DB4291E1E2375F3D
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E9382F062CD6E7A4B900CA72F70FE308
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B265EE423FF7014783F8C344DB4620C
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE18A464A2281E243935BDA03F5F5C9F
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CECDE3F0C925F98479710A3D0AA6339A
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BD2ADA59F76B6847B3F5ECD58B1F62F
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26DC0C075E6A4AD43963F3EC1FFB0B1D
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F334A7D287C0FB4DAC2B12AB5281FD5
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56891356629BC224393A1C39A8D0AE7C
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42281A2ED57FB1A4AB14012B07F0D56B
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D421AA86735E1764D856A722B2B0EFA3
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B2B50AE2449DFD49AE8DD08FD3E4B94
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\447837FA147F663458C2E68D8E0AC9AC
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6EFC48D3E8FED8E47888F876A32A18D2
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DB90F3A570F0F74183C27371E60FC35
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\075A6F6F38759B24D94A620C957ECDE4
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C3C7BF8FA07E6E84CABE444BF4B94CDD
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F42D3A2123E9ABB449C01A49CC2B18EF
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C1321CF2669213459B7A03826DE65FE
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\748D3B1FB070117429AC7A6E74F06597
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C51005901565B9140AE5359BB1DB3EF2
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C1D8929B6CA8BBE478C27D7E2EDEC88F
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47B5ECEB2F8ABFB41A64667471F010A4
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FF39D10181EA0C40BCF8DB514D3BDD8
|
728F7B2CA898D354ABD58DA15112C38A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\LovettSoftware\XmlNotepad\Samples\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\LovettSoftware\XmlNotepad\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\LovettSoftware\
|
There are 27 hidden registries, click here to show them.