Windows Analysis Report
DE-1550 Installer v1.03_rev1 07-23-2018.msi

Overview

General Information

Sample Name:	DE-1550 Installer v1.03_rev1 07-23-2018.msi
Analysis ID:	831165
MD5:	08af3aac53f698f92b16583e6a76b2aa
SHA1:	f34527fe04eded912253b494e4b7b9dc29150283
SHA256:	cdec38d9934ee64d57f09ce851de1b9f3b4f823e4b7b5420a8c1254f53eabdee
Infos:

Detection

Score:	5
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Signatures

Queries the volume information (name, serial number etc) of a device

Modifies existing windows services

Sample file is different than original file name gathered from version info

Drops PE files

Tries to load missing DLLs

Deletes files inside the Windows folder

Drops PE files to the windows directory (C:\Windows)

Creates files inside the system directory

Stores files to the Windows start menu directory

Checks for available system drives (often done to infect USB drives)

Found dropped PE file which has not been started or loaded

Classification

Signatures

Source:	Binary string: C:\Dev\@Altronic\de1550_pcapp\DE-1550\obj\x86\Debug\Altronic DE-1550.pdb source: Altronic DE-1550.exe.3.dr
Source:	Binary string: DPCA.pdb source: DE-1550 Installer v1.03_rev1 07-23-2018.msi, MSI591B.tmp.2.dr, MSI584F.tmp.2.dr, 118801b.msi.3.dr, 118801d.msi.3.dr, MSI81A2.tmp.3.dr, MSI80E6.tmp.3.dr
Source:	Binary string: C:\Dev\@Altronic\de1550_pcapp\DE-1550\obj\x86\Debug\Altronic DE-1550.pdbDp source: Altronic DE-1550.exe.3.dr
Source:	Binary string: DPCA.pdb<0 source: DE-1550 Installer v1.03_rev1 07-23-2018.msi, MSI591B.tmp.2.dr, MSI584F.tmp.2.dr, 118801b.msi.3.dr, 118801d.msi.3.dr, MSI81A2.tmp.3.dr, MSI80E6.tmp.3.dr

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: d:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Installer	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Installer\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior

Sample file is different than original file name gathered from version info

Source: DE-1550 Installer v1.03_rev1 07-23-2018.msi

Binary or memory string: OriginalFilenameDPCA.DLL^ vs DE-1550 Installer v1.03_rev1 07-23-2018.msi

Tries to load missing DLLs

Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: edgegdi.dll	Jump to behavior

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSI80E6.tmp

Jump to behavior

Creates files inside the system directory

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\118801b.msi

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\DE-1550 Installer v1.03_rev1 07-23-2018.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 84DA78192880581D6829482FFD39CF6A C
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding C6401D95ECC4BE08AAC131C3978679E2
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 84DA78192880581D6829482FFD39CF6A C	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding C6401D95ECC4BE08AAC131C3978679E2	Jump to behavior

Source: DE-1550 Installer v1.03_rev1 07-23-2018.msi

Static file information: TRID: Microsoft Windows Installer (77509/1) 90.64%

Source: DE-1550.lnk.3.dr

LNK file: ..\..\..\..\..\Installer\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}\_8FE7F6AC6251280AFC5837.exe

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\Altronic LLC

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Installer

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Local\Temp\MSI584F.tmp

Jump to behavior

Source: classification engine

Classification label: clean5.winMSI@6/33@0/0

Source: C:\Windows\System32\msiexec.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: MSI591B.tmp.2.dr, MSI584F.tmp.2.dr, 118801b.msi.3.dr, 118801d.msi.3.dr, MSI81A2.tmp.3.dr, MSI80E6.tmp.3.dr

Binary or memory string: SELECT `Directory`, `DefaultDir` FROM `Directory` WHERE `Directory_Parent` = '%s'Software\Microsoft\NET Framework Setup\NDP\v3.%lu%sSOFTWARE\Microsoft\NET Framework Setup\DotNetClient\v3.5Software\Microsoft\NET Framework Setup\NDPSELECT * FROM `%s`Custom action not implemented.ToggleNearestAppRoot.kernel32IsWow64ProcessProcess call was successful.The error indicates that IIS is in 64 bit mode, while this application is a 32 bit application and thus not compatible.The error indicates that IIS is in 32 bit mode, while this application is a 64 bit application and thus not compatible.The error indicates that this version of ASP.NET must first be registered on the machine.Unknown Error.The call to aspnet_regiis.exe was failed. Path: '%s'Process Call Result Code: '%ld'Process Exit Code: '%ld'.Create Process failed.Running process '%s' with parameters '%s' silently...Access denied.CoInitializeEx - COM initialization Free Threaded.FAILED:%ldCoInitializeEx - COM initialization Apartment Threaded...Attach Debugger To MeVSCADEBUGATTACHSetTARGETSITETargetVersion%s\v%d\%sGatherWebSitesGatherAppPoolsSetTARGETAPPPOOLTARGETIISPATHRoot//LM/TARGETVDIRTARGETSITESetTARGETIISPATHaspnet_regiis.exeRESULTPath = PathUsing 64 bit registry key...Reading registry value Path from key 'HKLM\%s'...Software\Microsoft\ASP.NET\%sProductNameRunning show message with fUseMessageBox = %sFALSETRUEVSDINVALIDURLMSGHideFatalErrorFormopenExecuting URL '%s' with source directory '%s'...SourceDirRESULT:Condition is false.RESULT:Condition is true. Nothing more to do.Evaluating condition '%s'...Getting the condition to evaluate...A launch condition has already fired. My work is done here.Checking a launch condition..."/><supportedRuntime version=";VSDFxConfigFile

Source: C:\Windows\System32\msiexec.exe	Automated click: Next >
Source: C:\Windows\System32\msiexec.exe	Automated click: Next >
Source: C:\Windows\System32\msiexec.exe	Automated click: Next >

Source:	Binary string: C:\Dev\@Altronic\de1550_pcapp\DE-1550\obj\x86\Debug\Altronic DE-1550.pdb source: Altronic DE-1550.exe.3.dr
Source:	Binary string: DPCA.pdb source: DE-1550 Installer v1.03_rev1 07-23-2018.msi, MSI591B.tmp.2.dr, MSI584F.tmp.2.dr, 118801b.msi.3.dr, 118801d.msi.3.dr, MSI81A2.tmp.3.dr, MSI80E6.tmp.3.dr
Source:	Binary string: C:\Dev\@Altronic\de1550_pcapp\DE-1550\obj\x86\Debug\Altronic DE-1550.pdbDp source: Altronic DE-1550.exe.3.dr
Source:	Binary string: DPCA.pdb<0 source: DE-1550 Installer v1.03_rev1 07-23-2018.msi, MSI591B.tmp.2.dr, MSI584F.tmp.2.dr, 118801b.msi.3.dr, 118801d.msi.3.dr, MSI81A2.tmp.3.dr, MSI80E6.tmp.3.dr

Drops PE files

Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI584F.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Altronic LLC\Altronic DE-1550\Altronic DE-1550.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI591B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI80E6.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI81A2.tmp	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI80E6.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI81A2.tmp			Jump to dropped file

Modifies existing windows services

Source: C:\Windows\System32\msiexec.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Altronic LLC	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Altronic LLC\DE-1550	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Altronic LLC\DE-1550\DE-1550.lnk	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Altronic LLC\Altronic DE-1550\Altronic DE-1550.exe			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI81A2.tmp			Jump to dropped file

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Installer	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Installer\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

ID:	831165
Product:	CloudBasic
Start time:	07:25:37
Start date:	21.03.2023
Sample:	DE-1550 Installer v1.03_rev1 07-23-2018.msi
Cookbook:	default.jbs
System description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Architecture:	WINDOWS
MD5:	08af3aac53f698f92b16583e6a76b2aa
SHA1:	f34527fe04eded912253b494e4b7b9dc29150283
SHA256:	cdec38d9934ee64d57f09ce851de1b9f3b4f823e4b7b5420a8c1254f53eabdee
Filetype:	Microsoft Windows Installer (77509/1) 90.64%

Name	Type	MD5	SHA1	SHA256
C:\Config.Msi\118801c.rbs	data	DCCCB8C335FFC3BBE967A10EAD28AA88	8B8268AFE4C0238E32DD60D0F202C5B91E6A2955	12576A38F48B08D81C3685203E910C55278DABFC9AEA98340AB28B9ED5E3B0B3
C:\Program Files (x86)\Altronic LLC\Altronic DE-1550\Altronic DE-1550.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	5550DE5A2731E0E032ADA555A283B661	B19AE7FCB7ADF0AD9FFEF260D977D124C3C07ABB	A8931E7501E1FF82D69D6DAC96E0D487FDC8203E2400CF8266B79CEDF48DA352
C:\Program Files (x86)\Altronic LLC\Altronic DE-1550\Altronic DE-1550.exe.config	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	153521492A23F91BFCF6D01B80E3A39C	2439DED18703AFB5FA885AE1CAF2F8DC5F80C0EC	6E8133C547BAF698FC1985BAC1E614DAD0184DF4470D8B9F70299D144C9F32CA
C:\Program Files (x86)\Altronic LLC\Altronic DE-1550\Altronic.ico	MS Windows icon resource - 1 icon, 32x32, 16 colors, 4 bits/pixel	66DF1FDB899EA252FDCA66AC561F0754	BE444798581095030EAB1C93C9219DCDB3251F44	1CAE16A1B08AA2D980554FD9DE53FDCFC6B166D919FA4957E75544C77770DD37
C:\Program Files (x86)\Altronic LLC\Altronic DE-1550\Configuration Files\DEFAULT.afd	ASCII text, with CRLF line terminators	E7BD71159DB9AA5A0A64C407D0486E4D	BF8640E26B3708FFF08CCF609906FDD83867AD56	45B5B85C60FAE632E86843A066C97E5465BE0D9EF7DACD2E9F91FEDCB28C40AA
C:\Program Files (x86)\Altronic LLC\Altronic DE-1550\Configuration Files\DEFAULT.pgd	Unicode text, UTF-8 text, with CRLF line terminators	D8E63529A462613D5EC0BDF4E2F7A341	AB146B08EAE75EC7609A049515A52D6D340505E8	3F95F9A1ADC412BB1168149E6513AE1FA1EBD9F2F2460D6131E5319908820318
C:\Program Files (x86)\Altronic LLC\Altronic DE-1550\Configuration Files\DEFAULT.trd	ASCII text, with CRLF line terminators	190E22E6D17F591E205FADB710625084	6C97FAFC8707397C750DD4E68393467A03CD5A4F	6770EEF98AD01BDE9BA78D855E69DC7CF110C3DB37E88D9883C5AE9F45D14DF8
C:\Users\user\AppData\Local\Temp\CFG58FB.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	3C3D11B78E4C077C083F0B6B527D146E	C210C08BB3BDA4D775AA4F23BD177DBEF0BC1378	55DB6CC3FCF27F20362198F28B652889F7808FFA206E2140D3F3AB3ECE879EB9
C:\Users\user\AppData\Local\Temp\CFG8182.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	3C3D11B78E4C077C083F0B6B527D146E	C210C08BB3BDA4D775AA4F23BD177DBEF0BC1378	55DB6CC3FCF27F20362198F28B652889F7808FFA206E2140D3F3AB3ECE879EB9
C:\Users\user\AppData\Local\Temp\MSI584F.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	0A2626FC9E4E0CA18386C029E9EFFFD9	AC5576497AFAC2456F485CDB14BF52D895769651	97A55524E0BF06419143B1B71778C0EC867716079AB477E8404A0F3125DA7DC3
C:\Users\user\AppData\Local\Temp\MSI591B.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	0A2626FC9E4E0CA18386C029E9EFFFD9	AC5576497AFAC2456F485CDB14BF52D895769651	97A55524E0BF06419143B1B71778C0EC867716079AB477E8404A0F3125DA7DC3
C:\Users\user\AppData\Roaming\Microsoft\Installer\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}\_8FE7F6AC6251280AFC5837.exe	MS Windows icon resource - 1 icon, 32x32, 16 colors, 4 bits/pixel	66DF1FDB899EA252FDCA66AC561F0754	BE444798581095030EAB1C93C9219DCDB3251F44	1CAE16A1B08AA2D980554FD9DE53FDCFC6B166D919FA4957E75544C77770DD37
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Altronic LLC\DE-1550\DE-1550.lnk	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide	E5CC45B468FD449A60EDD2A93BB1DFBA	4708CB476314EF8EFDC2F5A2D33BD9A860B1EC18	136B05710FC1F64B45AB645A9EFFDAA071009658AF0CFD88CA7645436BCD125A
C:\Windows\Installer\118801b.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {F6296E9E-3D64-43FF-B0A4-736C96B15080}, Title: DE-1550 Installer, Author: Altronic LLC, Number of Words: 2, Last Saved Time/Date: Tue Jul 24 03:15:26 2018, Last Printed: Tue Jul 24 03:15:26 2018	08AF3AAC53F698F92B16583E6A76B2AA	F34527FE04EDED912253B494E4B7B9DC29150283	CDEC38D9934EE64D57F09CE851DE1B9F3B4F823E4B7B5420A8C1254F53EABDEE
C:\Windows\Installer\118801d.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {F6296E9E-3D64-43FF-B0A4-736C96B15080}, Title: DE-1550 Installer, Author: Altronic LLC, Number of Words: 2, Last Saved Time/Date: Tue Jul 24 03:15:26 2018, Last Printed: Tue Jul 24 03:15:26 2018	08AF3AAC53F698F92B16583E6A76B2AA	F34527FE04EDED912253B494E4B7B9DC29150283	CDEC38D9934EE64D57F09CE851DE1B9F3B4F823E4B7B5420A8C1254F53EABDEE
C:\Windows\Installer\MSI80E6.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	0A2626FC9E4E0CA18386C029E9EFFFD9	AC5576497AFAC2456F485CDB14BF52D895769651	97A55524E0BF06419143B1B71778C0EC867716079AB477E8404A0F3125DA7DC3
C:\Windows\Installer\MSI81A2.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	0A2626FC9E4E0CA18386C029E9EFFFD9	AC5576497AFAC2456F485CDB14BF52D895769651	97A55524E0BF06419143B1B71778C0EC867716079AB477E8404A0F3125DA7DC3
C:\Windows\Installer\MSI8211.tmp	data	B886CF6073879A845B0794954B9BE035	A9B47E19999111C824B827967CFE8F51EAB42A3A	AB3092933C89843F3C9914AF4DC161F744CB06F8F4ED6B87597825B53715F809
C:\Windows\Installer\SourceHash{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}	Composite Document File V2 Document, Cannot read section info	3E49C888580AA400ED1B9602A70FF416	D18E4B981F989C841D6926601EB406416332F878	4C5EB78BB000C735955D1472D3C15B3D0B112BB9EF31594AD63D5D5EE4D3A39D
C:\Windows\Installer\inprogressinstallinfo.ipi	Composite Document File V2 Document, Cannot read section info	6EB9B3FD409ECB8793C3C1A3BBF60338	55D018FB509A7D0F73E341E917C21C386CCD9841	8FB033DCC4823281B1E1899CB632487F9D4C538B63CA06646F0A380A2487EABE
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	E6AC735A3AC9C3524062BB08B3C68054	247F2F4EE1207BE61763CCB6A3627DA5E45687B7	D3BACFF677DE6A3A4DBC1959E36EE0835BB0F6E2AEBE2B226E55BBA3DD6BAF28
C:\Windows\Temp\~DF164F575F959CA334.TMP	Composite Document File V2 Document, Cannot read section info	CD2899B31400FF4BC5EEC98EE0458ED2	93C87C34DD84A9CAEB2A941EF098D04C6C2296CD	5E688E2878BA4302AD4293DE7EC3202ADF0F71DD7414284BDD9826AF6937DC9D
C:\Windows\Temp\~DF1AD6B9B44D290FF8.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DF22D2B4B04A4971FD.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DF23FA9ACE23FCD44B.TMP	Composite Document File V2 Document, Cannot read section info	6EB9B3FD409ECB8793C3C1A3BBF60338	55D018FB509A7D0F73E341E917C21C386CCD9841	8FB033DCC4823281B1E1899CB632487F9D4C538B63CA06646F0A380A2487EABE
C:\Windows\Temp\~DF7B53429BE2301499.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DF8B370F716CC75002.TMP	data	C1332DA97E0756551DD56435602B193C	AF9120D7E49CEF297BC25FBF9CAB844714967049	5F36A4415B9E0C12BD7514212816A5E76DE2A7619A363594F216629B8FC4933A
C:\Windows\Temp\~DFA27904E46FB322E6.TMP	Composite Document File V2 Document, Cannot read section info	CD2899B31400FF4BC5EEC98EE0458ED2	93C87C34DD84A9CAEB2A941EF098D04C6C2296CD	5E688E2878BA4302AD4293DE7EC3202ADF0F71DD7414284BDD9826AF6937DC9D
C:\Windows\Temp\~DFAC25A1076C4CE445.TMP	data	1283FCAD05C3DA463169C2AA56A9DF7F	CE2E47BB22B8194734E6F2E19DC1B3E18E4B4558	3D48FE70567A8406C89D1A1A83C21CA51CD64A70B3C1EC675024DA72E5D3AD60
C:\Windows\Temp\~DFB0DDA37AD60475C1.TMP	Composite Document File V2 Document, Cannot read section info	CD2899B31400FF4BC5EEC98EE0458ED2	93C87C34DD84A9CAEB2A941EF098D04C6C2296CD	5E688E2878BA4302AD4293DE7EC3202ADF0F71DD7414284BDD9826AF6937DC9D
C:\Windows\Temp\~DFC2CAB2504A990051.TMP	Composite Document File V2 Document, Cannot read section info	6EB9B3FD409ECB8793C3C1A3BBF60338	55D018FB509A7D0F73E341E917C21C386CCD9841	8FB033DCC4823281B1E1899CB632487F9D4C538B63CA06646F0A380A2487EABE
C:\Windows\Temp\~DFD60CD8828C653DCD.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DFEBA6A2164AD9C55F.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560

Windows Analysis Report
DE-1550 Installer v1.03_rev1 07-23-2018.msi

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report DE-1550 Installer v1.03_rev1 07-23-2018.msi

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
DE-1550 Installer v1.03_rev1 07-23-2018.msi