Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
atencion_y_estimulacion_visual.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Security: 0, Code page:
1252, Revision Number: {36A468D7-B112-481E-AC92-7F8529874C22}, Number of Words: 2, Subject: Atencin y estimulacin visual,
Author: Inclusive Technology Ltd, Name of Creating Application: Advanced Installer 14.2.1 build 80371, Template: ;3082, Comments:
Esta base de datos del instalador contiene la lgica y los datos necesarios para instalar Atencin y estimulacin visual., Title:
Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
|
initial sample
|
||
C:\Users\user\AppData\Local\Temp\MSIDB26.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\MSIDBF2.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\MSIDC03.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\MSIDC23.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\MSIDE37.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\atencion_y_estimulacion_visual.msi"
|
||
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding E85D5D35B24865A3B7876DC8C57EC5ED C
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
http://www.inclusive.comAI_UNINSTALLERmsiexec.exeDialogBitmapdialogALLUSERS1ButtonText_Yes&S
|
unknown
|
||
https://www.thawte.com/cps0/
|
unknown
|
||
https://www.thawte.com/repository0W
|
unknown
|
||
http://www.advancedinstaller.com0
|
unknown
|