IOC Report
setup.msi

Files

File Path
Type
Category
Malicious
setup.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {BCD29B76-7AAB-464F-8087-3934E74A40A6}, Number of Words: 10, Subject: JoisApp, Author: Uifie Public Co, Name of Creating Application: JoisApp, Template: ;1033, Comments: This installer database contains the logic and data required to install JoisApp., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Jun 11 18:02:03 2024, Last Saved Time/Date: Tue Jun 11 18:02:03 2024, Last Printed: Tue Jun 11 18:02:03 2024, Number of Pages: 450
initial sample
malicious
C:\Users\user\AppData\Local\Temp\msiC168.txt
Unicode text, UTF-16, little-endian text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\pssC17B.ps1
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\scrC169.ps1
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\Config.Msi\49b9d9.rbs
data
modified
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_prqpuxge.4sm.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ummbptzo.u52.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Installer\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}\icon_31.exe
MS Windows icon resource - 5 icons, 96x96, 32 bits/pixel, 72x72, 32 bits/pixel
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\D3DCompiler_47_cor3.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\LICENSE
ASCII text
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.CSharp.dll
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.DiaSymReader.Native.amd64.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Microsoft.VisualBasic.Core.dll
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Core.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Gui.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Network.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Svg.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\Qt5Widgets.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\UnRAR.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-console-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-console-l1-2-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-datetime-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-debug-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-errorhandling-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l1-2-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-file-l2-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-handle-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-heap-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-interlocked-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-libraryloader-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-localization-l1-2-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-memory-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-namedpipe-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processenvironment-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processthreads-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-processthreads-l1-1-1.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-profile-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-rtlsupport-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\api-ms-win-core-string-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\axvlc.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\bibfgi.rar
EBCDIC text, with very long lines (65536), with no line terminators, with overstriking
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\clretwrc.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\clrjit.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\coreclr.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units.dat
ASCII text
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_ca.dat
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_de.dat
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_es.dat
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_fr.dat
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_ru.dat
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\units_sv.dat
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Assign Prerequisites.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Assign Resources.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Column Options.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Delete Column.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Delete Row.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Delete.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Duplicate.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Hide Report.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Icon Copyright.txt
ASCII text
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Insert Column.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Insert Report.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Insert Row.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Move Down.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Move Left.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Move Right.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Move Up.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\New Project.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Pencil.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, image size 768, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Pointer.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, image size 768, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Report.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Scroll Left Fast.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Scroll Left Slow.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Scroll Right Fast.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Scroll Right Slow.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Scroll to Task.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\Show Hidden.bmp
PC bitmap, Windows 3.x format, 16 x 16 x 24, resolution 2835 x 2835 px/m, cbSize 822, bits offset 54
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-audio-io.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-basic-ui.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-channel.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-cloud-audiocom.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\lib-command-parameters.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libicuin68.dll
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libicuuc68.dll
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libreadline8.dll
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libsodium-23.dll
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libssl-1_1.dll
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\libstdc++-6.dll
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\ruw9eigh.rar
RAR archive data, v5
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\steamerrorreporter.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\vstdlib_s.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\49b9d7.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {BCD29B76-7AAB-464F-8087-3934E74A40A6}, Number of Words: 10, Subject: JoisApp, Author: Uifie Public Co, Name of Creating Application: JoisApp, Template: ;1033, Comments: This installer database contains the logic and data required to install JoisApp., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Jun 11 18:02:03 2024, Last Saved Time/Date: Tue Jun 11 18:02:03 2024, Last Printed: Tue Jun 11 18:02:03 2024, Number of Pages: 450
dropped
C:\Windows\Installer\49b9da.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {BCD29B76-7AAB-464F-8087-3934E74A40A6}, Number of Words: 10, Subject: JoisApp, Author: Uifie Public Co, Name of Creating Application: JoisApp, Template: ;1033, Comments: This installer database contains the logic and data required to install JoisApp., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Jun 11 18:02:03 2024, Last Saved Time/Date: Tue Jun 11 18:02:03 2024, Last Printed: Tue Jun 11 18:02:03 2024, Number of Pages: 450
dropped
C:\Windows\Installer\MSIBD13.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSIBE8B.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSIBF76.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSIC052.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSIC0B1.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSIC100.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSID0FF.tmp
data
dropped
C:\Windows\Installer\SourceHash{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Installer\inprogressinstallinfo.ipi
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Windows\Temp\~DF329A3AA316082E4C.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF490A6790C1A4D0F9.TMP
data
dropped
C:\Windows\Temp\~DF51F1BF394124ADCD.TMP
data
dropped
C:\Windows\Temp\~DF565464BD0D1AF5B3.TMP
data
dropped
C:\Windows\Temp\~DF5BAA4C353D6EFE6D.TMP
data
dropped
C:\Windows\Temp\~DF63DFDA173C93B2DA.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF720AE72BBD10BCAD.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF932B8DC9C3D1AC9C.TMP
data
dropped
C:\Windows\Temp\~DFA52A27C63467EA69.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFB7F0C2633F6CC7BC.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFD6CADD20AD474E0A.TMP
data
dropped
C:\Windows\Temp\~DFF392CEFFA99FEF27.TMP
data
dropped

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Windows\System32\msiexec.exe | "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi" | malicious |
| C:\Windows\System32\msiexec.exe | C:\Windows\system32\msiexec.exe /V | malicious |
| C:\Windows\SysWOW64\msiexec.exe | C:\Windows\syswow64\MsiExec.exe -Embedding 76F054D823F7B346F706921024C133C7 | malicious |
| C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssC17B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiC168.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrC169.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrC16A.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue." | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

URLs

Name
IP
Malicious
http://nuget.org/NuGet.exe
unknown
http://crl.certum.pl/ctsca2021.crl0o
unknown
https://sectigo.com/CPS0
unknown
http://repository.certum.pl/ctnca.cer09
unknown
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
unknown
http://ocsp.sectigo.com0
unknown
http://pesterbdd.com/images/Pester.png
unknown
http://www.aiim.org/pdfa/ns/id/
unknown
http://crl.certum.pl/ctnca.crl0k
unknown
http://www.apache.org/licenses/LICENSE-2.0.html
unknown
https://go.micro
unknown
https://github.com/mono/linker/issues/1416.
unknown
https://contoso.com/License
unknown
https://contoso.com/Icon
unknown
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
unknown
http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
unknown
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
unknown
https://www.certum.pl/CPS0
unknown
http://www.color.org)
unknown
https://github.com/Pester/Pester
unknown
http://repository.certum.pl/ccsca2021.cer0
unknown
https://github.com/dotnet/runtime
unknown
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
unknown
http://repository.certum.pl/ctsca2021.cer0
unknown
https://aka.ms/pscore6lB
unknown
http://subca.ocsp-certum.com05
unknown
http://subca.ocsp-certum.com02
unknown
https://github.com/mono/linker/issues/1906.
unknown
http://subca.ocsp-certum.com01
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
https://www.openssl.org/H
unknown
http://crl.certum.pl/ctnca2.crl0l
unknown
http://repository.certum.pl/ctnca2.cer09
unknown
http://gay-domain.com
unknown
http://ccsca2021.ocsp-certum.com05
unknown
https://gay-domain.com/userLicense.php?iugeh=9501&aigfj=sojgjf&sufv=67
172.67.154.227
http://gay-domain.com/userLicense.php?iugeh=9501&aigfj=sojgjf&sufv=67
172.67.154.227
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://gay-domain.com
unknown
http://www.certum.pl/CPS0
unknown

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| gay-domain.com | 172.67.154.227 | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 172.67.154.227 | gay-domain.com | United States | |

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\49b9d9.rbs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\49b9d9.rbsLow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\user\AppData\Roaming\Microsoft\Installer\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\user\AppData\Roaming\Uifie Public Co\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\data\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\user\AppData\Roaming\Uifie Public Co\JoisApp\icons\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\user\AppData\Roaming\Microsoft\Installer\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}\
HKEY_CURRENT_USER\SOFTWARE\Uifie Public Co\JoisApp
Version
HKEY_CURRENT_USER\SOFTWARE\Uifie Public Co\JoisApp
Path
HKEY_CURRENT_USER\SOFTWARE\Uifie Public Co\JoisApp
ExpireLeft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
LocalPackage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
AuthorizedCDFPrefix
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
Comments
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
Contact
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
HelpTelephone
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
InstallSource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
ModifyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
NoModify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
Readme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
EstimatedSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
URLUpdateInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
VersionMinor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
WindowsInstaller
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
Language
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
AuthorizedCDFPrefix
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
Comments
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
Contact
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
HelpTelephone
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
InstallSource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
ModifyPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
NoModify
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
Readme
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
Size
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
EstimatedSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
URLUpdateInfo
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
VersionMinor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
WindowsInstaller
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
Version
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
Language
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\2D3436A53F234FE4EB1DCFBB09423570
154E6E7C3A203CD42B7F5CDF3BD99CC1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\InstallProperties
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C7E6E451-02A3-4DC3-B2F7-C5FDB39DC91C}
DisplayName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\154E6E7C3A203CD42B7F5CDF3BD99CC1
MainFeature
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\Features
MainFeature
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\Patches
AllPatches
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1
ProductName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1
PackageCode
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1
Language
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1
Version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1
Assignment
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1
AdvertiseFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1
ProductIcon
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1
InstanceType
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1
AuthorizedLUAApp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1
DeploymentFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\UpgradeCodes\2D3436A53F234FE4EB1DCFBB09423570
154E6E7C3A203CD42B7F5CDF3BD99CC1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\SourceList
PackageName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\SourceList\Net
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\SourceList\Media
DiskPrompt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\SourceList\Media
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1
Clients
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\154E6E7C3A203CD42B7F5CDF3BD99CC1\SourceList
LastUsedSource
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings
JITDebug
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
There are 144 hidden registries, click here to show them.

Memdumps
