55b17467da6d12ecf71e82eb96870bd314f248675da1bfad1b1e437b45453452 a86ac0ad1f8928e8d4e1b728448f54f9 HKEY_CLASSES_ROOT\Ultra3\Enum HKEY_CLASSES_ROOT\usbehub\Enum \REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows HKEY_CLASSES_ROOT\Ultra3 HKEY_CLASSES_ROOT\usbehub c:\windows\$ntuninstallq923283$\pxinsi64.exe c:\users\user\appdata\local\temp\vdm.dll par1\system par1\ c:\users\user\desktop\%systemroot%\$ntuninstallq923283$ c:\windows\$ntuninstallq923283$\fdisk.sys par1 vboxdrv c:\windows\$ntuninstallq923283$\usbehub.sys c:\windows\$ntuninstallq923283$ {E9B1E207-B513-4cfc-86BE-6D6004E5CB9C} Process install_ipc_endpoint Creates mutex with name "{E9B1E207-B513-4cfc-86BE-6D6004E5CB9C}" 1 File System modify_os_dir Modify "c:\windows\$ntuninstallq923283$\fdisk.sys" 3 File System modify_os_dir Modify "c:\windows\$ntuninstallq923283$\pxinsi64.exe" 3 OS enable_process_privileges Enable "SeLoadDriverPrivilege" 1 OS enable_critical_process_privileges Enable "SeLoadDriverPrivilege" 4 Process create_process_with_hidden_window The process "C:\Windows\$NtUninstallQ923283$\pxinsi64.exe" starts with hidden window 1 OS enable_critical_process_privileges Enable "SeLoadDriverPrivilege" 4 Kernel kernelcode_execution See kernel behavior tab for detailed information 5 Static sample_dropped_pe_file Drop file "c:\windows\$ntuninstallq923283$\usbehub.sys" 1 Static sample_dropped_pe_file Drop file "c:\windows\$ntuninstallq923283$\pxinsi64.exe" 1 Static sample_execute_dropped_pe_file Execute dropped file "c:\windows\$ntuninstallq923283$\pxinsi64.exe" 1 100