Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| explorando-y-jugando.msi | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Security: 0, Code page: 1252, Revision Number: {7AFBC8C6-179F-4DC5-B89F-9B7ED108178A}, Number of Words: 2, Subject: Explorando y Jugando, Author: Inclusive Technology Ltd, Name of Creating Application: Advanced Installer 14.2.1 build 80371, Template: ;3082, Comments: Esta base de datos del instalador contiene la lógica y los datos necesarios para instalar Explorando y Jugando., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200 | initial sample | |
| C:\Users\user\AppData\Local\Temp\MSID66D.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\MSID7E5.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\MSID805.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\MSID815.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\MSID93F.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\msiexec.exe | "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\explorando-y-jugando.msi" | |
| C:\Windows\System32\msiexec.exe | C:\Windows\system32\msiexec.exe /V | |
| C:\Windows\SysWOW64\msiexec.exe | C:\Windows\syswow64\MsiExec.exe -Embedding A1D006493CD647BD2EC1A35C9661BDDE C | |
URLs

| Name | IP | Malicious |
|---|---|---|
| http://www.inclusive.comAI_UNINSTALLERmsiexec.exeDialogBitmapdialogALLUSERS1ButtonText_Yes&S | unknown | |
| https://www.thawte.com/cps0/ | unknown | |
| https://www.thawte.com/repository0W | unknown | |
| http://www.advancedinstaller.com0 | unknown | |